  • Votes

    6

    File Connector - Keep file offset data stored while moving log source ...

    Now, when moving file log source from cm to another it does not store offset data. This should be fixed. -Br, TimoS

  • Votes

    6

    Checksum for eventdata

    Currently Sentinel creates a checksum only for rawdata in secondary storage. There are some cases where a checksum is needed for event data as well. -Br, TimoS

  • Votes

    14

    EPS level alert, monitoring and visualization

    Currently Sentinel does not have any method to monitor EPS levels properly. It would be good to have some way to monitor EPS levels and have an alert if e.g. system ...

  • Votes

    10

    Make Sentinel 8 CentOS 7 "compatible"

    Hi, Sometimes I want to install Sentinel on CentOS (e.g. no hassle with licensing in labs). The Sentinel 7.4 series runs fine on CentOS 6.x. Would developers make Sentinel 8 ...

  • Votes

    3

    Make Data Source selection permanent

    Data Source selection should be made permanent so that it is selected every time you make a search. Now it should be manually ticked every time you make a new search.

  • Votes

    1

    File Connector: File missing log event should contain event source ...

    When the file connector reports a file missing, the event should contain event source information. This event is created in the /var/opt/novell/sentinel/server0.0.log file.

  • Votes

    6

    F5 parser Event Name in clear text ...

    Hi, This Collector has been added to support High Speed logging. The collector uses log message ID numbers as Event Name. This is not clear text and clear to understand. ...

  • Votes

    4

    Every JDBC database log source requires their own collector --> One ...

    Hi, Currently JDBC database implementation needs a collector per single logsource. Even if the query is the same between servers. The offset value seems to be stored in ...

  • Votes

    3

    RedHat 8

    Hi, RedHat 8 is published and many vendors and companies are planning to jump from RHEL6 to RHEL8. Are there any plans to make Sentinel8 RHEL8 compatible? -Br, TimoS

  • Votes

    3

    MSG Field size to 16kB

    The message field size should be bigger. Some custom log event sources require a bigger msg size.

  • Votes

    2

    CheckPoint R80.xx: LogExporter Collector is needed

    CheckPoint has migrated from LEA-protocol to LogExporter (syslog) to integrate with SIEM products. At the same time the log event format has changed. Therefore a new ...

  • Votes

    6

    Possibility to restart individual Event source via CLI or REST API

    Background: We have severe problems with File Connector log sources and have not gotten a solution for that yet. For some reason file reading hangs occasionally and never ...

  • Planned

    2

    Forcepoint's Data Leak Prevention (DLP) AP-Data collector

    Forcepoint's Data Leak Prevention (DLP) AP-Data is well known in this space. With no Sentinel Collector, that's a significant blindspot of device and user activity in our ...

  • Planned

    5

    Forcepoint's web gateways AP-Web collector

    Forcepoint's web gateways AP-Web is well known in this space. With no Sentinel Collector, that's a significant blindspot of device and user activity in our network.

  • Planned

    6

    Carbon Black Enterprise Response collector

    Carbon Black Enterprise Response is well known in this space. With no Sentinel Collector, that's a significant blindspot of device and user activity in our network.

  • Votes

    7

    Enable Users to Toggle Case Sensitivity in Dynamic Lists

    When leveraging values in dynamic lists, Sentinel currently enforces case sensitivity when using those values in correlation rules. In some cases, this can be misleading ...

  • Votes

    8

    Sentinel Windows Agent Should Handle Rotating Application Logs

    Currently, the file connector has the capability to process rotating logs but that requires the ability to set up shares for Sentinel to access those logs remotely or ...

  • Votes

    2

    Ability to Export\Import Routing Rules

    In some environments there may be many routing rules configured in Sentinel to do things like forward events via Sentinel link, tag events, or forward to another syslog ...

  • Votes

    4

    Use Email lists in correlation events

    If you have multiple recipients for correlation event alarms, you have to create from CC's action manager an action for each recipient or add multiple addresses to the ...

  • Votes

    2

    Correlation dropped error reporter

    It should be configurable per event source if you want it to alert if the events don't come to Sentinel in the correct time window. At the moment the system writes these ...