312 Sentinel 6.1 User Guidenovdocx (en) 7 January 201014.3 iTRACThis section gives and idea relevant to iTRAC.14.3.1 Instantiating a ProcessAn iTRAC process can be instantiated in the iTRAC server by associating an iTRAC process to anincident the following methods: Associate an iTRAC process to the incident at the time of incident creation Associate an iTRAC process to incident after an incident has been created Associate an iTRAC process to an incident as an action when deploying a correlation ruleFor more information on association a process to an incident, see Chapter 3, “Correlation Tab,” onpage 65 and Chapter 4, “Incidents Tab,” on page 93.Example Scenario – Creating a Simple Two Tiered iTRAC Process for a PossibleNetwork AttackNOTE: To perform all of the scenarios in the iTRAC section, iTRAC scenario sections must befollowed in the order presented.This discusses how to make a simple two tiered iTRAC Process. The process is flow of steps thatcan be taken in the event there is a possible attack on your system.The example process is: Asks the question (in the first step – a manual step [Decide if Hacked]), from a preliminarylook has the network been attacked? This leads to a Decision Step.NOTE: All Decision Steps provide different execution paths depending on the value of thevariable defined in the previous step. If there has been an attack, go collect necessary data to determine if there has been an attack. Ifthere is no attack, send an email out to the supervisor that there is not an attack. The Collect Data step is to review the data to make a better determination if there has been anattack. If there has been an attack, take measures to prevent another attack and send an email out to thesupervisor that proper measures have been taken. If there is no attack, send an email out to thesupervisor that there is not an attack.Figure 14-3 iTRAC Process