The Sentinel platform comprises a broad spectrum of functionality, and different customers have different needs. NetIQ provides different licensing models to meet those needs.
Prior to Sentinel 7.3, the basic Sentinel platform was delivered as two separate products: Sentinel and Sentinel Log Manager. As of Sentinel 7.3, NetIQ delivers the two products as a single unified platform to improve its delivery of new features, patches, documentation, and support, while allowing customers to select the solution capabilities that best match their needs.
The Sentinel platform provides two main solutions:
Sentinel Enterprise: A full-featured solution that enables all the core real-time visual analytics functions and many additional features. Sentinel Enterprise focuses on SIEM use cases such as real-time threat detection, alerting, and remediation.
Sentinel for Log Management: A solution for log management use cases such as the ability to collect, store, search, and report on data.
Sentinel for Log Management 7.3 represents a substantial upgrade from the functionality provided in Sentinel Log Manager 1.2.2, and in some cases, significant parts of the architecture have changed. To plan your upgrade to Sentinel for Log Management 7.3, see the FAQ document available at https://www.netiq.com/products/sentinel/frequently-asked-questions/slm122-to-slm73-upgrade-faqs.html.
Depending on which solution(s) and add-ons you purchase, NetIQ will provide you with the appropriate license keys and entitlements to enable the right functionality within Sentinel. Although the license keys and entitlements govern basic access to product features and downloads, you should refer to your purchase agreement and the End-User License Agreement for additional terms and conditions.
The following table outlines the specific services and features that are enabled on each of the solutions:
Table 4-1 Sentinel Services and Features
Services and Features | Sentinel Enterprise | Sentinel for Log Management |
---|---|---|
Core Functionality | Yes | Yes |
Actions | Yes | Yes |
Routing Rules | Yes | Yes |
Sentinel Link | Yes | Yes |
Correlation | Yes | No |
Data Synchronization | Yes | Yes |
Event data restoration from archive | Yes | Yes |
Data Federation (distributed search) | Yes | Yes |
Exploit Detection (Advisor) | Yes | Yes |
Security Intelligence | Yes | No |