The raw data files for each event source are compressed and moved to networked storage every hour and the file hash is computed for networked storage files. The file hash is used to check the integrity of the files in the networked storage.
Log in to the Sentinel Web interface as a user in the administrator role.
In the toolbar, click the .
Click the tab.
In the field, select the desired Collector and Connector combination from the drop-down list.
In the field, select the event source from the drop-down list.
The field displays the list of associated event sources (hostnames or IP addresses) after the field is populated.
In the table, click to select all the files in the table.
or
Select each file separately.
The table displays the list of local and networked storage raw data files for the selected event source. The and options are enabled only when you select a file from the table.
Click to verify the integrity of the selected files in the networked storage by comparing the hash values for the selected files in the networked storage.
If integrity verification is successful, a green icon is displayed next to the filename in the column. If verification fails, a red icon is displayed.
The hash is computed and updated in database for the files in the networked storage, but not for the local raw data files. Because the raw data files are updated until they are moved to networked storage, the hash value cannot be computed or updated for these files. It is not possible to check the integrity of the local raw data files.
Select the raw data file, then click to download the selected networked storage and local raw data files.
The selected files are downloaded in the form of a zip file that contains a .csv (comma separated values) file. If the networked storage files are selected, the zip file also contains a hash file corresponding to each of the networked storage files downloaded.
The SHA-256 algorithm is used to generate the file hash and the generated hash is Base64 encoded.
Select , then click .