Sentinel

This entry is part 5 of 5 in the series Sentinel Collector SDK 2014 Updates

A recent thread in the public forums, which you may have seen already, brings to light some new possibilities that I would like to cover today. So far in this series we’ve been talking about new offerings of the updated SDK and the code within; part of that development lifecycle would optimally include some…

By: ab, Feb 4, 2015, 12:29 pm. Reads: 421. Score: Unrated

This entry is part 4 of 5 in the series Sentinel Collector SDK 2014 Updates

For the past while this series has been covering some of the powerful updates present in the 2014 Preview version of the new Sentinel SDK, which is used for creating various types of Sentinel plugins (collectors, reports, solution packs, actions, etc.)…

By: ab, Jan 28, 2015, 12:51 pm. Reads: 667. Score: 5

Sentinel allows you to create your own detailed reports within the web interface. However, more control over the report layout may be desired. NetIQ makes the Sentinel SDK available to not only develop custom plugins, but also create custom reports. There’s quite a bit involved in customizing a report, and the whole process does take…

Jan 22, 2015, 4:11 pm. Reads: 1,075. Score: 5

NetIQ’s Sentinel product is a SIEM solution that provides the ability to capture events from any number of event sources, and of any type, into a system that normalizes the data, finds meaning in a barrage of nonsense (needle in a haystack), and includes incident management based on custom workflows as defined by each customer….

By: ab, Jan 21, 2015, 11:50 am. Reads: 791. Score: 5

This entry is part 3 of 5 in the series Sentinel Collector SDK 2014 Updates

This article is part of a series of articles diving into the new functionality present in the 2014 Preview Sentinel SDK. Today I will be covering the new documentation options and what they mean for those who have developed collectors previously, as well as all of us developing collectors now and in the future.

By: ab, Jan 15, 2015, 3:29 pm. Reads: 556. Score: 5

This entry is part 2 of 5 in the series Sentinel Collector SDK 2014 Updates

Recently I posted a previous article in this series about the new Sentinel 2014 Preview SDK and its availability in a standard archive or via the public SVN repository. Today I want to go in-depth on one of the great new features that will likely cause anybody who has ever used the SDK to jump…

By: ab, Jan 8, 2015, 12:12 pm. Reads: 1,001. Score: 5

This entry is part 1 of 5 in the series Sentinel Collector SDK 2014 Updates

Working as a consultant on things Identity, Access, and Security I get to meddle with some really great products, and Sentinel is among those. Recent work building some customized collectors (for custom applications) has helped me find a few tidbits that I wish would have been more obvious. Perhaps others, via this series of articles, will…

By: ab, Dec 31, 2014, 10:40 am. Reads: 709. Score: 5

There are always configuration options that you find the first time you set up a new system, and then there are some that you find when you are asked for some odd business reason that may not have been as obvious on day one. One of these options for services is the ability to restrict which…

By: ab, Dec 12, 2014, 9:00 am. Reads: 630. Score: 5

We encountered a very rare event where the Event Partition Data (index of raw event data) failed to be written to the secondary storage. While the compressed raw data was still intact and written to the secondary storage, it could not be queried as the index of its content was missing. The resolution required several…

ScorpionSting, Oct 9, 2014, 2:41 pm. Reads: 659. Score: Unrated

These two scripts simplify the management of Sentinel Backups by only keeping the last 2 of each (daily/full) compressed backups. In each file, there are some variables to update to suit your environment: SEND_TO – where you want emails of backup process to be sent to. SEND_FROM – where the emails should look like they…

ScorpionSting, Aug 28, 2014, 12:42 pm. Reads: 783. Score: 5