Administration 251 novdocx (en) 7 January 2010

11.8 Mapping

A map is a collection of values and keys defined in a CSV or text file. You can use maps to enrich your data: a map adds information to the incoming events from your source device. This additional information, which was not present in the original event, can be used for correlation and reporting.

You can create your own custom maps in addition to the default maps available. Event mapping allows you to add data to an event by using data already present in the event to reference and pull data from an outside source. For more information, see Section 11.9, “Event Configuration,” on page 261 and Section 11.9.1, “Event Mapping,” on page 261.

NOTE: In order to do Mapping, your configuration.xml file must be pointing to a Communication Server that has DAS_Binary and DAS_Query connected to it. This will normally be the case, by default, as long as the Communication Server and DAS processes are running.

The Mapping tab allows you to:

- Add new map definitions
- Edit map definitions
- Delete map definitions
- Update map data

Mapping works together with the Referenced from Map Data Source setting for individual fields under Section 11.9, “Event Configuration,” on page 261. You can map by using a string or number range.

The following are the default maps available:

- AccountIdentity: Contains information about identities and the accounts associated with them. The keys are UserName, UserDomain, and CustomerName (for MSSPs). This map is populated from information in the Account and Identity tables in the Sentinel database.
- Asset: Contains the data from the map data source file asset.csv. The asset.csv file is automatically generated from asset data in the Sentinel database when an asset Collector is run. This file could be populated manually instead, if desired. The keys are PhysicalAssetName and CustomerName (for MSSPs).
- AssetToRegulation: Contains the data from the map data source file AssetToRegulation.csv. This file must be populated manually.
- CustomerHierarchy: Generally used for Managed Security Service Providers (MSSPs), this can be used to organize customers into a four-level hierarchy. Contains data from the customerhierachy.csv. This file must be populated manually. The key is CustomerName.
- IpToCountry: Contains the data from the map data source file IpToCountry.csv. This file must be populated manually.
- IsExploitWatchlist: Contains the data from the map data source file exploitDetection.csv (vulnerabilities and threats). The exploitDetection.csv file is automatically generated from Advisor and Vulnerability data in the Sentinel database when either an Advisor feed is completed or a vulnerability Collector is run. The keys are IP, AttackName, DeviceName, and CustomerName (for MSSPs).
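
The following added example is not Sentinel code and is not taken from this guide. It sketches the two lookup styles described above: a string map keyed on IP, AttackName, DeviceName, and CustomerName, and a number-range map in the style of IpToCountry. The CSV column layouts, the sample rows, and the output field names OnExploitWatchlist and Country are assumptions made for the example.

```python
import bisect
import csv
import io
import ipaddress

# Constructed sample map data. The column layouts are assumptions for this
# example, not the actual layout of Sentinel's map data source files.
EXPLOIT_CSV = """IP,AttackName,DeviceName,CustomerName
10.0.0.5,SMB_Overflow,ids-01,Acme
10.0.0.9,SQL_Injection,ids-01,Acme
"""
IP_TO_COUNTRY_CSV = """RangeStart,RangeEnd,Country
167772160,184549375,Private
3232235520,3232301055,Private
3405803776,3405804031,Documentation
"""
EXPLOIT_KEYS = ("IP", "AttackName", "DeviceName", "CustomerName")

def load_key_map(text, key_fields):
    """String map: composite key tuple -> CSV row."""
    rows = csv.DictReader(io.StringIO(text))
    return {tuple(row[k] for k in key_fields): row for row in rows}

def load_range_map(text):
    """Number-range map: list of (start, end, value) sorted by start."""
    rows = csv.DictReader(io.StringIO(text))
    return sorted((int(r["RangeStart"]), int(r["RangeEnd"]), r["Country"]) for r in rows)

def range_lookup(ranges, number):
    """Return the value whose range contains number, or None if no range does."""
    starts = [start for start, _, _ in ranges]
    i = bisect.bisect_right(starts, number) - 1
    if i >= 0 and number <= ranges[i][1]:
        return ranges[i][2]
    return None

def enrich(event, exploit_map, ranges):
    """Return a copy of event with two added fields; map misses yield False/None."""
    out = dict(event)
    key = tuple(event.get(k, "") for k in EXPLOIT_KEYS)
    out["OnExploitWatchlist"] = key in exploit_map
    out["Country"] = range_lookup(ranges, int(ipaddress.IPv4Address(event["IP"])))
    return out

EXPLOIT_MAP = load_key_map(EXPLOIT_CSV, EXPLOIT_KEYS)
COUNTRY_RANGES = load_range_map(IP_TO_COUNTRY_CSV)

if __name__ == "__main__":
    event = {"IP": "10.0.0.5", "AttackName": "SMB_Overflow",
             "DeviceName": "ids-01", "CustomerName": "Acme"}
    print(enrich(event, EXPLOIT_MAP, COUNTRY_RANGES))
```

Because CustomerName is part of the key, the same IP and attack reported for a different customer does not match, which keeps MSSP tenants' watchlist data separate.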