4.0 Understanding License Information

The Sentinel platform comprises a broad spectrum of functionality, and different customers have different needs. NetIQ provides different licensing models to meet those needs.

Prior to Sentinel 7.3, the basic Sentinel platform was delivered as two separate products, Sentinel and Sentinel Log Manager. As of Sentinel 7.3, NetIQ delivers the two as a single unified platform to improve its delivery of new features, patches, documentation, and support, while allowing customers to select the solution capabilities that best match their needs.

The Sentinel platform provides two main solutions:

  • Sentinel Enterprise: A full-featured solution that enables all the core real-time visual analytics functions and many additional features. Sentinel Enterprise focuses on SIEM use cases such as real-time threat detection, alerting, and remediation.

  • Sentinel for Log Management: A solution for log management use cases such as the ability to collect, store, search, and report on data.

    Sentinel for Log Management 7.3 represents a substantial upgrade from the functionality provided in Sentinel Log Manager 1.2.2, and in some cases, significant parts of the architecture have changed. To plan your upgrade to Sentinel for Log Management 7.3, see the FAQ document available at https://www.netiq.com/products/sentinel/frequently-asked-questions/slm122-to-slm73-upgrade-faqs.html.

Depending on which solution(s) and add-ons you purchase, NetIQ will provide you with the appropriate license keys and entitlements to enable the right functionality within Sentinel. Although the license keys and entitlements govern basic access to product features and downloads, you should refer to your purchase agreement and the End-User License Agreement for additional terms and conditions.

The following table outlines the specific services and features that are enabled on each of the solutions:

Table 4-1 Sentinel Services and Features

Columns: Services and Features | Sentinel Enterprise | Sentinel for Log Management

Core Functionality | Yes | Yes

  • Basic event collection
  • Non-event data collection (assets, vulnerabilities, identities)
  • Parsing and normalization
  • Taxonomic classification of event data
  • In-line contextual mapping
  • NetFlow collection and storage
  • Real-time NetFlow visualization
  • NetFlow visualization based on events
  • Event search (local)
  • Event reporting
  • Event filtering
  • Real-time event visualization
  • Event storage
  • Data retention policies
  • Event store non-repudiation
  • FIPS enablement
  • Manually triggered actions
  • Manual incident creation and management
  • Incident actions and workflows
  • iTRAC Workflows

Actions | Yes | Yes

  • Correlation-triggered actions (only if correlation is enabled)
  • Routing rule-triggered actions (only if rules are enabled)
  • Manually triggered actions

Routing Rules | Yes | Yes

  • Event routing (external)
  • Actions triggered by routing rules (only if actions are enabled)

Sentinel Link | Yes | Yes

Correlation | Yes | No

  • Real-time pattern correlation
  • Actions triggered by correlation rules (only if actions are enabled)
  • Alert triage
  • Alert dashboards

Data Synchronization | Yes | Yes

Event data restoration from archive | Yes | Yes

Data Federation (distributed search) | Yes | Yes

Exploit Detection (Advisor) | Yes | Yes

Security Intelligence | Yes | No

  • Anomaly rules
  • Real-time statistical analysis