The raw data files for each event source are compressed and moved to secondary storage every hour and the file hash is computed for secondary storage files. The file hash is used to check the integrity of the files in the secondary storage.
From Sentinel Main, click Storage > Download Raw Data.
In the Event source hierarchy field, select the desired Collector and Connector combination from the drop-down list.
In the Event Source field, select the event source from the drop-down list.
The Event Source field displays the list of associated event sources (hostnames or IP addresses) after the Event source hierarchy field is populated.
In the table, click Select All to select all the files in the table.
or
Select each file separately.
The table displays the list of primary and secondary storage raw data files for the selected event source. The Verify Integrity and Download options are enabled only when you select a file from the table.
Click Verify Integrity to verify the integrity of the selected files in the secondary storage by comparing the hash values for the selected files in the secondary storage.
Sentinel computes the hash and updates the database for the files in the secondary storage, but not for the local raw data files. Because the raw data files are updated until they are moved to secondary storage, the hash value cannot be computed or updated for these files. It is not possible to check the integrity of the local raw data files.
Select the raw data file, click Download to download the selected secondary storage and local raw data files.
The selected files are downloaded in the form of a ZIP file that contains a .csv (comma separated values) file. If the secondary storage files are selected, the ZIP file also contains a hash file corresponding to each of the secondary storage files downloaded.
Sentinel uses the SHA-256 algorithm to generate the file hash. The generated hash is Base64 encoded.
Select Save File and click OK.