An activity is very similar to a command step, except that activities are reusable and cannot use input or output variables. The activities pane shows a library of user-defined, reusable activities that can reduce the amount of configuration necessary when building templates.
Activities are exported or imported as .xml files. These files can be exported or imported from one system to another.
iTRAC activities can be used in iTRAC templates to define a workflow step, or they can be manually executed from within an incident. Sentinel provides three types of actions that can be used to build activities:
An incident command activity enables you to launch a specific command with or without arguments. The following fields from the incident associated with the workflow process can be used as input to the command:
DIP [Target IP]
DIP: Port
RT1 (IDSAttackName)
SIP [Initiator IP]
SIP: Port
Text (incident information in name value pair format)
The command (a script file that refers to the command) must be stored in the /opt/novell/sentinel/bin/actions directory on the Sentinel server.
An incident internal activity enables you to email and attach information from the Sentinel database to the incident associated with the workflow process. Each of these options has a prerequisite:
Vulnerability for the Initiator IP address (SIP) or the Target IP address (DIP): Requires that you run a vulnerability scanner and bring the results of the scan into Sentinel by using a Vulnerability (or information) Collector
Asset data: Requires that you run an asset management tool such as NMAP and bring the results into Sentinel by using an Asset Collector.
To send mail messages from within the Sentinel Control Center, you must have an SMTP integrator that is configured with connection information and with the SentinelDefaultEMailServer property set to True.
An incident composite activity enables you to combine one or more existing commands and internal activities.