Configuring the probe to retrieve data from ISS Site Protector

You can use the JDBC Probe to acquire events from ISS SiteProtector. To do so, you must use the alternative rules file and some additional configuration files that have been written for this purpose.

To support ISS SiteProtector, you require the following files:
  • iss_siteprotector.rules: This is the alternative rules file that you should specify in the RulesFile property instead of jdbc.rules.
  • sitepro.include.lookup: This file is referenced by the rules file.
  • sitepro.post.include: This include file allows the probe to use a modified ObjectServer schema.
  • select_rules.sql: This file contains the mandatory select query that the probe uses to acquire data from ISS SiteProtector.

These files are supplied within the probes installation package. You should check the contents of the select_rules.sql query and make any changes required to suit your environment.

You will also need to make various updates to the jdbc.props file.

To configure the connection to the ISS SiteProtector, set the following properties in the jdbc.props file:


DBPassword      : 'password'
DBUsername      : 'user_name'
JdbcDriver	     : 'com.microsoft.sqlserver.jdbc.SQLServerDriver'
JdbcUrl	 	     : 'jdbc:sqlserver://localhost:1433;databaseName=RealSecureDB'

To configure the probe to use the select query written for ISS SiteProtector, set the following property in the jdbc.props file:


SelectSqlFile    : 'C:\\IBM\\Tivoli\\Netcool\\omnibus\\var\\select_rules.sql'

To configure the probe to use the rules file written for ISS SiteProtector, set the following property in the jdbc.props file:


RulesFile        : 
'C:\\IBM\\Tivoli\\Netcool\\omnibus\\probes\\win32\\iss_siteprotector.rules'

Updating the rules file

sitepro.include.lookup and sitepro.post.include are referenced from the iss_siteprotector.rules file by include statements. You will need to update these include statements to reflect full paths to these files in your probe installation. Open the rules file, search for the two commented out include statements that reference sitepro.include.lookup and sitepro.post.include and update their respective paths.

For example, on Windows operation systems, replace the commented out include statements with:

include "$OMNIHOME/probes/win32/sitepro.include.lookup"

include "$OMNIHOME/probes/win32/sitepro.post.include"

Where $OMNIHOME is the full path to the probe installation.

On Unix and Linux operating systems, replace the commented out include statements with:

include "$OMNIHOME/probes/includes/sitepro.include.lookup"

include "$OMNIHOME/probes/includes/sitepro.post.include"

Where $OMNIHOME is the full path to the probe installation.

Configuring the ObjectServer schema

The sitepro.post.include file contains the following set of field/element definitions that have been commented out:

# @NsProtocol = $NsProtocol
# @NsEventType = $NsEventType
# @NsClass = $NsClass
# @NsCVE = $NsCVE
# @NsThreatCategory = $NsThreatCategory
# @NsThreatType = $NsThreatType
# @NsVirusName = $NsVirusName
# @NsVendor = $NsVendor
# @NsProduct = $NsProduct
# @NsVersion = $NsVersion
# @NsPatch = $NsPatch
# @NsRaw = $NsRaw
# @NsScore = $NsScore
# @NsConfidentiality = $NsConfidentiality
# @NsIntegrity = $NsIntegrity
# @NsAvailability = $NsAvailability
# @NsRate = $NsRate
# @NsAlertType = $NsAlertType
# @NsAlertTypeDesc = $NsAlertTypeDesc

You must edit the sitepro.post.include file to uncomment these definitions and then create the fields indicated in the ObjectServer. For details of creating fields, see the Netcool/OMNIbus Installation and Deployment Guide.