Compliance Management

Sentinel Compliance Tracking is a unified vulnerability management platform designed to consolidate findings from various scanners, tools, and manual inputs into a single, structured system. It enables administrators and IT security engineers (ITSE) to track, manage, and remediate compliance-related findings across projects and products.


Key Components

  • Projects: High-level containers for organizing compliance initiatives (e.g., Host Compliance, Network Device Compliance 2025).

  • Products: Sub-components under a project representing specific assets or systems (e.g., Product A, Campus Network).

  • Plugins: Scripts used to parse raw scanner output and normalize findings.

  • Tags: Labels applied to findings (e.g., for manual entries or categorization).

  • API: Programmatic interface for uploading results and integrating with external tools.


Workflow Overview

Step 1: Create a Project

  • Role: Admin/ITSE

  • Action: Navigate to the Compliance Module and create a new project (e.g., "Host Compliance").

  • Purpose: Organize compliance efforts by initiative or scope.

Step 2: Create Products Under the Project

  • Role: Admin/ITSE

  • Action: Within the selected project, create one or more products (e.g., "Product A", "Campus Network").

  • Purpose: Segment assets or systems for granular tracking.

Step 3: Upload Findings

  • Role: Admin/ITSE

  • Action:

    • Go to the selected product.

    • Upload raw scanner output using predefined plugins (scripts that parse and normalize data).

    • Apply tags for manual findings or additional context.

    • Alternatively, use the API to submit results programmatically.

  • Purpose: Ingest findings into Sentinel for processing and tracking.

Step 4: Processing Findings

  • Plugins parse the uploaded data and populate findings in the system.

  • Severity Handling:

    • If the compliance scan includes severity levels, those are retained.

    • If no severity is provided, the default is set to Medium.

  • Tags help categorize findings (e.g., "manual", "network-device").

Step 5: Status Tracking and Updates

  • Each time new data is uploaded, Sentinel compares it against existing records in the database.

  • Matching Criteria: Findings are matched based on:

    • Same source plugin.

    • Same tags.

  • Actions:

    • New findings are added.

    • Existing findings are updated (e.g., status changes, severity adjustments).

    • Resolved or outdated findings are archived or marked accordingly.
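The Step 4 and Step 5 behaviour as a minimal sketch, added here as an example and not Sentinel's own code. It shows the Medium default and what matching on plugin plus tags means when the tag set changes between uploads. Assumptions: the `reconcile` function, the in-memory `store`, the `check_id`/`asset` row fields used to identify a finding within a plugin and tag set, the `resolved` status name, and all sample values (constructed).

```python
DEFAULT_SEVERITY = "Medium"  # per the page: used when the scan gives no severity

def reconcile(store, plugin, tags, rows):
    """Merge one upload into `store` and return counts of new/updated/resolved.

    Matching scope is (plugin, tags) as the page states. Within that scope a
    finding is identified by (check_id, asset): an assumption for this example.
    """
    scope = (plugin, frozenset(tags))
    seen = set()
    summary = {"new": 0, "updated": 0, "resolved": 0}
    for row in rows:
        # Keep the scanner's severity when present, otherwise fall back to Medium.
        sev = (row.get("severity") or "").strip().capitalize() or DEFAULT_SEVERITY
        key = scope + (row["check_id"], row["asset"])
        seen.add(key)
        if key in store:
            store[key].update(severity=sev, status="open")
            summary["updated"] += 1
        else:
            store[key] = {"severity": sev, "status": "open"}
            summary["new"] += 1
    # Findings in the same scope that the new upload no longer reports are
    # marked resolved (the status name is an assumption).
    for key, rec in store.items():
        if key[:2] == scope and key not in seen and rec["status"] != "resolved":
            rec["status"] = "resolved"
            summary["resolved"] += 1
    return summary

if __name__ == "__main__":
    store = {}
    # Constructed sample rows, as a plugin might emit after parsing.
    first = [{"check_id": "1.1.1", "asset": "srv01", "severity": "HIGH"},
             {"check_id": "5.2.4", "asset": "srv01"}]          # no severity
    print(reconcile(store, "cis_host", {"linux"}, first))
    rescan = [{"check_id": "1.1.1", "asset": "srv01", "severity": "low"}]
    print(reconcile(store, "cis_host", {"linux"}, rescan))
    # Same finding, different tag set: no match, so a second record appears.
    print(reconcile(store, "cis_host", {"linux", "manual"}, rescan))
    print(len(store))
```

Because tags are part of the match, keeping the tag set identical across uploads from the same source is what lets a re-scan update or close existing findings instead of duplicating them. Findings that carry the default Medium are worth a review, since that value reflects missing scanner data and not an assessed risk.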

Step 6: Unified Management

  • All findings—whether from automated scans, tools, or manual inputs—are consolidated into a single platform.

  • Provides a centralized view for vulnerability management, reporting, and remediation tracking.


Key Features

  • Flexible Inputs: Supports both file uploads and API integrations.

  • Normalization: Plugins ensure consistency in data format and severity.

  • Real-Time Updates: Automated matching and updating reduce manual effort.

  • Tagging System: Enables detailed categorization and filtering.

  • Comprehensive Coverage: Handles diverse sources (scanners, tools, manual entries).


API Integration

  • API details will be covered in a separate document.

  • Expected functionalities:

    • Submit scan results.

    • Retrieve project/product details.

    • Update finding statuses.

  • Authentication and endpoints to be specified.
