Sentinel 8.2 SP3 includes new features and resolves several previous issues.
Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Sentinel forum, our online community that also includes product information, blogs, and links to helpful resources. You can also share your ideas for improving the product in the Ideas Portal.
The documentation for this product is available in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click the comment icon on any page in the HTML version of the documentation posted at the Sentinel Documentation page. To download this product, see the Product Download website.
The following sections outline the key features provided by this version, as well as issues resolved in this release:
To comply with STIG V-35070, you can now limit the number of concurrent sessions you want to allow per user or tenant. Limiting the number of sessions prevents attackers from launching sessions beyond the allowed limit, in case of an attack.
Sentinel does not limit concurrent sessions by default. You must configure this limit manually.
You can now configure Sentinel to end a session if there is no user activity for a specified duration. Sentinel displays a warning a minute before ending the session. If a user keeps a session inactive beyond this duration, Sentinel logs the user out of the session.
Sentinel does not track user inactivity by default. You must manually configure Sentinel to end inactive sessions.
To comply with STIG V-57405, Sentinel now displays a confirmation screen when you log out to indicate you have logged out.
Sentinel Agent Manager Central Computer and Sentinel Agent Manager Console is now certified on Microsoft Windows Server 2019.
Sentinel 8.2 SP3 includes software fixes that resolve the following issues:
Issue: In, specifying search criteria as regular expressions containing uppercase letters does not display results. Sentinel displays results only if all the letters in a regular expression are in lower case.
Fix: You can now use upper case letters in regular expressions, in the Alert dashboard filter. (Bug 1131249)
Fix: You can run custom reports created in earlier versions of Sentinel successfully. (Bug 1136630)
Fix: You can launch the Event Visualization dashboard in Internet Explorer 11. (Bug 981308, Bug 106418)
Issue: Silent installation fails when you try to connect Collector Manager or Correlation Engine to different Sentinel servers. (Bug 1137777)
For more information about hardware requirements, supported operating systems, and browsers, see the Technical Information for Sentinel page.
For information about installing Sentinel 8.2 SP3, see the Sentinel Installation and Configuration Guide.
You can upgrade to Sentinel 8.2 SP3 from Sentinel 8.2 or later.
You must download the post-upgrade utility and run it again when you are upgrading from Sentinel 8.2 only if you have done the following:
Upgraded to SLES 12 SP3.
Run the post-upgrade utility.
To download the post-upgrade utility, select Micro Focus Patch Finder website and download sentinel_sles_iso_os_post_upgrade-release-85.tar.gz.in the
You do not have to run the post-upgrade utility again if you have done the following:
Upgraded Sentinel to version 8.2, SLES to SLES 12 SP3, and run the post-upgrade utility version sentinel_sles_iso_os_post_upgrade-release-85.tar.gz.
Upgrading from 8.2 P1 and later.
If you have installed Sentinel 8.2 appliance in high availability mode, Sentinel does not to launch the Sentinel Appliance Management Console. For more information about launching the Sentinel Appliance Management Console in high availability mode, see Upgrading to Sentinel 8.2 Patch Update 1 or Later.
If you upgrade from Sentinel 8.2 or 8.2 P1 to 8.2 SP3, you must manually assign thepermission to non-administrator users who send events or attachments to Sentinel. Unless you assign this permission, Sentinel will no longer receive events and attachments from Change Guardian and Secure Configuration Manager.
You need not reassign this permission if you are upgrading from 8.2 SP1 or 8.2 SP2 to 8.2 SP3.
Micro Focus strives to ensure our products provide quality solutions for your enterprise software needs. The following known issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
The Java 8 update included in Sentinel might impact the following plug-ins:
Cisco SDEE Connector
SAP (XAL) Connector
For any issues with these plug-ins, we will prioritize and fix the issues according to standard defect-handling policies. For more information about support polices, see Support Policies.
Issue: The installer halts at the installation in progress screen and does not display the login screen even though the installation is complete.
Workaround: Reboot the virtual machine and launch Sentinel, Collector Manager, or Correlation Engine. (Bug 1134657)
Issue: In Hyper-V Server 2016, Sentinel appliance does not start when you reboot it and displays the following message:
A start job is running for dev-disk-by\..
This issue occurs because the operating system modifies the disk UUID during installation. Therefore, during reboot it cannot find the disk.
Workaround: Manually modify the disk UUID. For more information, see Knowledge Base Article 7023143.
Issue: When you upgrade to Sentinel 8.2 HA appliance, Sentinel displays the following error:
Installation of novell-SentinelSI-db-22.214.171.124-<version> failed: with --nodeps --force) Error: Subprocess failed. Error: RPM failed: Command exited with status 1. Abort, retry, ignore? [a/r/i] (a):
Workaround: Before you respond to the above prompt, perform the following:
Start another session using PuTTY or similar software to the host where you are running the upgrade.
Add the following entry in the /etc/csync2/csync2.cfg file:
Remove the sentinel folder from /var/opt/novell:
rm -rf /var/opt/novell/sentinel
Return to the session where you had initiated the upgrade and enter r to proceed with the upgrade.
Issue: Installation of Collector Manager and Correlation Engine appliance fails in MFA mode if the operating system language is other than English. (Bug 1045967)
Workaround: Install Collector Manager and Correlation Engine appliances in English. After the installation is complete, change the language as needed.
Issue: Theand buttons in the appliance installation screens do not appear or are disabled in some cases, such as the following:
When you clickfrom the Sentinel precheck screen to edit or review the information in the Sentinel Server Appliance Network Settings screen, there is no button to proceed with the installation. The button allows you to only edit the specified information.
If you have specified incorrect network settings, the Sentinel Precheck screen indicates that you cannot proceed with the installation due to incorrect network information. There is nobutton to go the previous screen to modify the network settings.
Workaround: Restart the appliance installation.
Issue: Sentinel displays the following message during start up in the server.log file:
Value for attribute rv43 is too long
Workaround: Ignore the exception. Although the message is displayed, Sentinel works as expected.
Issue: When there is a large number of events whose retention period has expired and SSDM tries to delete those events from Elasticsearch, the following exception is displayed in the server.log file:
java.net.SocketTimeoutException: Read timed out
Workaround: Ignore the exception. This exception occurs due to the time taken to delete the large amount of data. Although the exception is displayed, SSDM successfully deletes the events from Elasticsearch.
Issue: If you manually install and enable time synchronization in open-vm-tools, they periodically synchronize time between the Sentinel appliance (guest) and the VMware ESX server (host). These time synchronizations can result in moving the guest clock either behind or ahead of the ESX server time. Until the time is synchronized between the Sentinel appliance (guest) and the ESX server (host), Sentinel does not process events. As a result, a large number of events are queued up in the Collector Manager, which may eventually drop events once it reaches its threshold. To avoid this issue, Sentinel disables time synchronization by default in the open-vm-tools version available in Sentinel. (Bug 1099341)
Workaround: Disable time synchronization. For more information about disabling time synchronization, see Disabling Time Synchronization.
Issue: When FIPS 140-2 mode is enabled in Sentinel, using Windows authentication for Agent Manager causes synchronization with the Agent Manager database to fail. (Bug 814452)
Workaround: Use SQL authentication for Agent Manager.
Issue: The Sentinel High Availability installation in non-FIPS 140-2 mode completes successfully but displays the following error twice:
/opt/novell/sentinel/setup/configure.sh: line 1045: [: too many arguments
Workaround: The error is expected and you can safely ignore it. Although the installer displays the error, the Sentinel High Availability configuration works successfully in non-FIPS 140-2 mode.
Issue: While using Keytool command, the following warning is displayed: The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12which is an industry standard format using "keytool -importkeystore -srckeystore /<sentinel_install_directory>/etc/opt/novell/sentinel/config/.webserverkeystore.jks -destkeystore /<sentinel_install_directory>/etc/opt/novell/sentinel/config/.webserverkeystore.jks -deststoretype pkcs12". (Bug 1086612)
Workaround: The warning is expected and you can safely ignore it. Although the warning is displayed, Keytool command works as expected.
Issue: In FIPS mode, when processing out-of-the-box threat Intelligence feeds from URLs, Sentinel displays the following error: Received fatal alert: protocol_version. This issue occurs because the out-of-the-box threat feeds now support only TLS 1.2, which does not work in FIPS mode. (Bug 1086631)
Workaround: Perform the following:
Click> > .
Edit each URL to change the protocol from http to https.
Issue: In multi-factor authentication mode, if you log out of (Bug 1087856)you do not get logged out of Sentinel dashboards and vice versa. This is due to an issue in the Advanced Authentication Framework.
Workaround: Until a fix is available in the Advanced Authentication Framework, refresh the screen to view the login screen.
For specific product issues, contact Micro Focus Support at https://www.microfocus.com/support-and-services/.
Additional technical information or advice is available from several sources:
© Copyright 2001-2019 Micro Focus or one of its affiliates.
The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.
For additional information, such as certification-related notices and trademarks, see http://www.microfocus.com/about/legal/.