-
Votes
8
Ability to import production collectors into the SDK to customize and ...
Provide SDK versions of released collectors - all the data is already contained in the released collector. This step just removes the task of creating a new collector in ...
Comments (2) | by: cameron s. | over a year ago | Last activity over a year ago | Status changed over a year ago | Installation/Deployment
-
Votes
7
CheckPoint LEA Connector missing critical pieces of information
I've spotted some flaws in the CheckPoint collector. I'm giving one example from the blade "URL Filtering" in CheckPoint. These fields are: appi_name, matched_category, ...
Comments (2) | by: Pat S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Integrations
-
Votes
7
Configurable Alarm View
There is only a non-configurable Alarm view. It would be great to have it configurable to have other/more table rows. E.g. in the Alarm View list it would be very helpful ...
Comments (1) | by: Ulrich S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Dashboards/Visualizations
-
Votes
7
VMWare vCenter logs
vCenter makes most of its logging available in the Windows Event log for software-based installations, and via Syslog for appliance (VCSA) installations, at least from ...
Comments (1) | by: Brandon L. | over a year ago | Last activity over a year ago | Status changed over a year ago | Integrations
-
Planned
7
Out of box Reports extraction Format
At this time reports (out of box) can only be exported from the SIEM as PDF files. It would be great if we could get those reports in CSV format as well.
Comments (1) | by: Ted E. | over a year ago | Last activity over a year ago | Status changed over a year ago | Dashboards/Visualizations
-
Votes
7
Enable Users to Toggle Case Sensitivity in Dynamic Lists
When leveraging values in dynamic lists, Sentinel currently enforces case sensitivity when using those values in correlation rules. In some cases, this can be misleading ...
Comments (1) | by: Eric L. | over a year ago | Last activity over a year ago | Status changed over a year ago | Configuration
-
Planned
7
Mechanism to customize, per event type, fields of interest that ...
Sentinel needs a means to get common-interest fields to automatically show up when "More" is selected on an individual event or "Show more details" is ...
Comments (0) | by: Ted E. | over a year ago | Last activity over a year ago | Status changed over a year ago | Integrations
-
Votes
6
Support for eStreamer via Cisco nCore client
Cisco is in the process of releasing a client for collecting via eStreamer that is supported and maintained by them rather than asking their consumers to write custom ...
Comments (2) | by: Brandon L. | over a year ago | Last activity over a year ago | Status changed over a year ago | Integrations
-
Planned
6
Airwatch Collector
AirWatch is probably one of if not "the" top MDM solutions on the market today. With no Sentinel Collector, that's a significant blindspot of device and user activity in ...
Comments (0) | by: Ted E. | over a year ago | Last activity over a year ago | Status changed over a year ago | Integrations
-
Votes
6
WTMP Agent RPM
Working at Worldline in a Sentinel project. Worldline already has a Linux based "Siem" for Linux events, which they built on Linux scripting. Now they build a Sentinel ...
Comments (2) | by: Ulrich S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Installation/Deployment
-
Votes
6
Ability to recreate an empty database (Postgres, mongo)
Normally running 'backup_util.sh' is part of the daily routine to make a backup of the required components (mainly the config, SI, alerts, etc.). In a case ...
Comments (0) | by: Erno P. | over a year ago | Last activity over a year ago | Status changed over a year ago | Other
-
Votes
6
Checksum for eventdata
Currently Sentinel creates a checksum only for raw data in secondary storage. There are some cases where a checksum is needed for event data as well. -Br, TimoS
Comments (5) | by: Timo S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Other
-
Votes
6
Read only user
There should be a possibility to create a read-only user in Sentinel. This is important for auditors to check the system. This user should have the rights to see ...
Comments (1) | by: Ulrich S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Configuration
-
Votes
6
Support Wildcarding In Dynamic Lists
Dynamic Filters should allow the same CIDR notation and wildcarding that Lucene allows specifically for IP addresses. Should also allow ranges like 10.14.1.[1-50]
Comments (1) | by: John G. | over a year ago | Last activity over a year ago | Status changed over a year ago | Other
-
Votes
6
File Connector - Keep file offset data stored while moving log source ...
Now, when moving a file log source from one cm to another, it does not store the offset data. This should be fixed. -Br, TimoS
Comments (1) | by: Timo S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Configuration
-
Votes
6
F5 parser Event Name in clear text ...
Hi, this Collector has been added to support High Speed Logging. The collector uses log message ID numbers as the Event Name. This is not clear text and not easy to understand. ...
Comments (0) | by: Timo S. | over a year ago | Last activity over a year ago | Status changed over a year ago | Integrations
-
Votes
6
Normalize severity against a standard severity scale rather than ...
Different vendors attribute different severities to certain types of events based on their own internal way of looking at the data. When Sentinel sets the severity, it ...
Comments (2) | by: Brandon L. | over a year ago | Last activity over a year ago | Status changed over a year ago | Integrations
-
Planned
6
Carbon Black Enterprise Response collector
Carbon Black Enterprise Response is well known in this space. With no Sentinel Collector, that's a significant blind spot of device and user activity in our network.
Comments (2) | by: Richard M. | over a year ago | Last activity over a year ago | Status changed over a year ago | Integrations
-
Votes
6
Customer needs the ability to process EVTX files from netapp
Sentinel should be capable of ingesting EVTX files from NetApp.
Comments (3) | by: James H. | over a year ago | Last activity over a year ago | Status changed over a year ago | Integrations
-
Planned
6
Raw bulk syslog event forwarding
Allow forwarding of raw syslog events at volume to additional locations, with the ability to spoof the source IP on UDP sessions.
Comments (0) | by: cameron s. | over a year ago | Last activity over a year ago | Status changed over a year ago | Integrations