Sentinel 6.1 User Guide
novdocx (en) 7 January 2010

1.1.2 Incidents

An incident is a set of events that require attention (for example, a possible attack). Incidents centralize the data and typically comprise a correlated event, the associated events that triggered a correlation rule, asset details of the affected systems, vulnerability state of the affected systems and any remediation information, if known. Incidents can be associated with a remediation workflow in iTRAC, if specified. An incident associated to an iTRAC workflow allows users to track the remediation state of the incident.

In the Incidents Tab, you can:

- Manage incident views
- View and manage incidents and their associated data
- Switch between existing incident views

1.1.3 iTRAC

iTRAC's stateful incident remediation workflow capability allows you to incorporate your organization's incident response processes into Sentinel.

In the iTRAC tab, you can:

- Create custom workflow templates
- Edit workflow templates
- Create custom activities
- Edit activities
- Associate activities with workflow steps
- Initiate and execute Processes

1.1.4 Analysis

The Analysis tab is the historical reporting interface for Sentinel. Reports are published on a Web server and can be rendered in the analysis tab or in an external browser. You can also run and save an Offline Query for later quick retrieval of search results.

1.1.5 Advisor

Advisor is an optional module that provides real-time correlation between detected IDS attacks and vulnerability scan output in order to immediately indicate increased risk to an organization.

In the Advisor tab, you can view the products that Novell supports for Advisor and also the status of the last five Advisor feed files that have been processed or are being processed.

1.1.6 Admin

The Admin tab provides you access to perform the administrative actions and configuration settings in Sentinel. In the Admin tab, you can:

- Configure connection to Crystal Reports