-
Planned
8
Support both IPv4 and IPv6 for IP2Location
IP2Location offers IPv4 and IPv6 as separate databases (e.g. DB5 & DB5IPV6) so the feed should be capable of processing both CSVs into Map without the need for complex ...
Comments (1) | by: Ben W. | over a year ago | Last activity over a year ago | Status changed over a year ago | Integrations
-
Planned
8
User behavior analytics (UBA)
All leading SIEM products provide UBA; it's a must feature for any modern-day SIEM. Unavailability of UBA is one of the major reasons competitors take edge in POC demos ...
Comments (1) | by: Muhammad S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Integrations
-
Votes
8
Customisation WebUI
Like in other Software solutions there should be a possibility to customise the Login Page of Sentinel. There should be two things: - customize the login page with the ...
Comments (2) | by: Ulrich S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Configuration
-
Votes
8
Schedule download for scp or/and sshfs for file connector
SCP option in the file connector should have schedule/recurring download option. sshfs together with CIFS and NFS, would be a very useful option too.
Comments (0) | by: Piotr P. | over a year ago | Last activity over a year ago | Status changed over a year ago | Installation/Deployment
-
Votes
8
A way to migrate event and rawdata from Sentinel installation to ...
Currently there is no way to migrate event and rawdata between separate Sentinel Installations. The current "Find data" operability in Data Restoration supports only ...
Comments (0) | by: Timo S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Installation/Deployment
-
Votes
8
Ability to import production collectors into the SDK to customize and ...
Provide SDK versions of released collectors - all the data is already contained in the released collector. This step just removes the task of creating a new collector in ...
Comments (2) | by: cameron s. | over a year ago | Last activity over a year ago | Status changed over a year ago | Installation/Deployment
-
Votes
7
CheckPoint LEA Connector missing critical pieces of information
I've spotted some flaws on CheckPoint collector. I'm giving one example from blade "URL Filtering" in CheckPoint. These fields are: appi_name, matched_category, ...
Comments (2) | by: Pat S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Integrations
-
Votes
7
Configurable Alarm View
There is only a non-configurable Alarm view. It would be great to have it configurable to have other/more table rows. e.g. in the Alarm View list it would be very helpful ...
Comments (1) | by: Ulrich S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Dashboards/Visualizations
-
Votes
7
VMware vCenter logs
vCenter makes most of its logging available in the Windows Event log for software-based installations, and via Syslog for appliance (VCSA) installations, at least from ...
Comments (1) | by: Brandon L. | over a year ago | Last activity over a year ago | Status changed over a year ago | Integrations
-
Planned
7
Out of box Reports extraction Format
At this time reports (out of box) can only be exported from the SIEM as PDF files. It would be great if we could get those reports in CSV format as well.
Comments (1) | by: Ted E. | over a year ago | Last activity over a year ago | Status changed over a year ago | Dashboards/Visualizations
-
Votes
7
Enable Users to Toggle Case Sensitivity in Dynamic Lists
When leveraging values in dynamic lists, Sentinel currently enforces case sensitivity when using those values in correlation rules. In some cases, this can be misleading ...
Comments (1) | by: Eric L. | over a year ago | Last activity over a year ago | Status changed over a year ago | Configuration
-
Planned
7
Mechanism to customize, per event type, fields of interest that ...
Sentinel needs a means to get common-interest fields to automatically show up when “More” is selected on an individual event or “Show more details” is ...
Comments (0) | by: Ted E. | over a year ago | Last activity over a year ago | Status changed over a year ago | Integrations
-
Votes
6
Support for eStreamer via Cisco nCore client
Cisco is in the process of releasing a client for collecting via eStreamer that is supported and maintained by them rather than asking their consumers to write custom ...
Comments (2) | by: Brandon L. | over a year ago | Last activity over a year ago | Status changed over a year ago | Integrations
-
Planned
6
AirWatch Collector
AirWatch is probably one of if not "the" top MDM solutions on the market today. With no Sentinel Collector, that's a significant blindspot of device and user activity in ...
Comments (0) | by: Ted E. | over a year ago | Last activity over a year ago | Status changed over a year ago | Integrations
-
Votes
6
WTMP Agent RPM
Working at Worldline in a Sentinel project. Worldline has already a Linux based "Siem" for Linux events, that they build on Linux scripting. Now they build a Sentinel ...
Comments (2) | by: Ulrich S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Installation/Deployment
-
Votes
6
Ability to recreate an empty database (Postgres, mongo)
Normally running the 'backup_util.sh' is the part of the daily routine to make a backup about the required components (mainly the config, SI, alerts, etc...) In a case ...
Comments (0) | by: Erno P. | over a year ago | Last activity over a year ago | Status changed over a year ago | Other
-
Votes
6
Checksum for eventdata
Currently Sentinel creates checksum only for rawdata in secondary storage. There are some cases where checksum is needed for event data as well. -Br, TimoS
Comments (5) | by: Timo S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Other
-
Votes
6
Read only user
There should be a possibility to create a read-only user in Sentinel. This is important for Auditors to check the system. This user should have the rights to see ...
Comments (1) | by: Ulrich S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Configuration
-
Votes
6
Support Wildcarding In Dynamic Lists
Dynamic Filters should allow the same CIDR notation and wildcarding that Lucene allows specifically for IP addresses. Should also allow ranges like 10.14.1.[1-50]
Comments (1) | by: John G. | over a year ago | Last activity over a year ago | Status changed over a year ago | Other
-
Votes
6
File Connector - Keep file offset data stored while moving log source ...
Now, when moving file log source from cm to another it does not store offset data. This should be fixed. -Br, TimoS
Comments (1) | by: Timo S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Configuration