Novell Sentinel 7.0 Readme

October 31, 2011

Sentinel 7.0 is a security information and event management (SIEM) solution as well as a compliance monitoring solution. Sentinel automatically monitors the most complex IT environments and provides the security information required to protect your IT environment.

1.0 What’s New

The following sections outline the key features and functions provided by this version of Sentinel.

1.1 Simplified Installation

Enhancements to the installation program allow you to more easily install Sentinel. For more information, see the Sentinel 7.0.1 Installation Guide.

1.2 Ready-to-run Software Appliance

This release offers a ready-to-run software appliance built on SUSE Studio. Delivered as a VMware, Xen, or ISO image, and certified to run on all major hypervisors, the software appliance enables you to deploy a cost-effective and simple-to-use SIEM solution by reducing product deployment complexity and cost. The software appliance can be installed on hardware or in a virtual environment.

1.3 Anomaly Detection

This release allows you to easily identify anomalies in your environment. By establishing specific baselines and comparing incoming data to what's normal in your unique environment, Sentinel can deliver better intelligence and faster detection of anomalous activities. You can tune your environment's baselines to detect anomalous events and see how your security and compliance posture changes over a period of time.

1.4 Unified Single Solution

Sentinel combines Log Management with Security Information and Event Management in a single unified solution.

1.5 Enhanced Data Storage

This release provides an efficient, file-based event storage tier optimized for long-term archival of events. The new event store provides 10:1 compression, fully supports indexed searches, and speeds up relevant reporting tasks, while still allowing the flexibility to store some or all of your events in a back-end traditional relational database store.

1.6 Enhanced Correlation

A new graphical rule builder allows you to quickly build event correlation rules directly from the events collected in your environment. Additionally, you can test these rules prior to deployment to reduce false-positive alerting, improve event correlation capabilities, and ultimately deliver improved exploit detection capabilities.

1.7 Distributed Search

This release provides organizations that have deployed several instances of Sentinel or Sentinel Log Manager in different locations the ability to search events not only on their local Sentinel servers but also on the existing Sentinel and Sentinel Log Manager servers from a single, centralized console.

1.8 Limitations to the Legacy Collector Support

Novell is phasing out support for Legacy Collectors in the Sentinel product line. In previous versions of Sentinel, the system displays a warning if you import a Legacy Collector. Starting with version 7.0, clean installations of Sentinel and Collector Manager do not run Legacy Collectors.

NOTE: Legacy Collectors were written using the Legacy Collector Builder application, which is no longer shipped with Sentinel products. Since 2007, Legacy Collectors have been replaced by JavaScript Collectors, which are written using the Sentinel Plug-In SDK. JavaScript Collectors are available at the Sentinel Plug-ins Web site (http://support.novell.com/products/sentinel/secure/sentinel61.html).

2.0 Known Issues

The following table lists the known issues associated with bugs in Sentinel 7.0:

Bug Number    Description

712723

Issue: When you rename a role in the Sentinel Web interface, Sentinel does not update the name in the list of all roles in the far left panel.

Workaround: Log out of the Sentinel Web interface. When you log back in to the Sentinel Web interface, the role name is updated.

710747

Issue: The Security Intelligence Dashboard does not properly display the event count for totals that range from 1,000,000 to 1,100,000.

Workaround: There is no solution at this time.

698767

Issue: If you select multiple events in the Sentinel Web interface and select the Target/ping or Initiator/ping action, Sentinel displays action output for the first event only.

Workaround: There is no solution at this time.

696398

Issue: If you change an event field name in the Sentinel Control Center, the change isn’t immediately reflected in the Sentinel Web interface Filter builder.

Workaround: Refresh the Web browser to display the event field change in the Sentinel Web interface.

710004

Issue: When you have at least one role containing an asterisk (*) in the name, you cannot use ‘*’ as a wildcard when searching filters with Share with roles selected from the Sentinel Web interface.

Workaround: To use ‘*’ as a wildcard when searching filters, rename roles that contain an asterisk.

719708

Issue: Accessing the Sentinel REST API documentation from a browser bookmark returns an error.

Workaround: Access Sentinel REST API documentation directly from the Sentinel Web interface Help menu.

713962

Issue: Solution Manager does not install correlation rules when a correlation rule with an identical name already exists on the system. A NullPointerException error is logged in the console.

Workaround: Ensure all correlation rules have a unique name.

710305

Issue: When you execute a Sentinel Link action from the Sentinel Web interface, Sentinel displays a success message even when the Sentinel Link Connector integration test failed from the Sentinel Control Center.

Workaround: There is no solution at this time.

717679

Issue: When the appuser password contains any of the following special characters, the iTrac feature does not work properly: ‘+’, ‘\’, ‘#’, or ‘,’. The administrator user password provided during a standard configuration installation is used by the admin, dbuser, and appuser.

Workaround: Ensure the appuser password does not contain ‘+’, ‘\’, ‘#’, or ‘,’.

719301

Issue: When a Sentinel server forwards a correlation event to another Sentinel server, the associated View Triggers link is enabled on the Correlation Events tab even though there are no triggers to display.

Workaround: There is no solution at this time.

715986

Issue: When a Security Intelligence dashboard and an anomaly definition have identical names, the dashboard link is disabled on the Anomaly Details page.

Workaround: Ensure you use unique names when creating dashboards and anomaly definitions.

719875

Issue: The Sentinel Web interface displays negative numbers in the Active Search Job Duration and Accessed columns when the Sentinel Web interface computer clock is behind the Sentinel server clock. For example, the Duration and Accessed columns display negative numbers when the Sentinel Web interface clock is set to 1:30 PM and the Sentinel server clock is set to 1:33 PM.

Workaround: Ensure the time on the computer you use to access the Sentinel Web interface is the same as or later than the time on the Sentinel server computer.

719244

Issue: When the system is under heavy load, connections to remote Collector Managers drop and are then re-established minutes later.

Workaround: For information on assessing your environment and determining how to handle the number of events generated, see Novell Technical Information Document (TID) # 7009554 “Sentinel 7.0 Performance Monitoring.”

713147

Issue: After a Connector is upgraded, Sentinel might not display the latest Connector details in the Plug-in Details window.

Workaround: Refresh the ESM user interface by clicking Reload Event Source Management Data in the ESM toolbar to update the Connector details.

694732

Issue: When you use forwarded ports or destination network address translation, baselining and trending do not function properly in the Security Intelligence dashboard.

Workaround: Append the default port number to the URL when accessing Sentinel baselining in the following instances:

  • Sentinel has been configured to listen on the default port, 443.

  • Sentinel is listening on a non-default port but port forwarding is enabled, which routes traffic from the default port to the port on which Sentinel is listening.

709072

Issue: When running a remote Collector Manager on a Xen system, the Sentinel JVM may fail due to a lack of allocated memory and write the following types of messages to the wrapper log file:

  • There is insufficient memory for the Java Runtime Environment to continue.

  • Native memory allocation (malloc) failed to allocate NNNNN bytes for ChunkPool::allocate.

  • An error report file with more information is saved as: /var/opt/novell/sentinel/data/hs_err_pidNNNN.log

  • JVM exited unexpectedly.

  • JVM exited in response to signal UNKNOWN (N).

  • Launching a JVM...

Workaround: To ensure the system has sufficient swap space to run the Sentinel JVM, increase the swap space to 2 GB or higher.
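The wrapper-log messages quoted in this issue are a usable detection signature for the failure described above. The following script is an added example, not part of the Novell readme: it scans wrapper-log lines for those messages, extracts any hs_err_pid file names they mention, and compares SwapTotal from /proc/meminfo against the 2 GB threshold given in the workaround. The sample log lines and meminfo text embedded below are constructed; the wrapper-log location is passed on the command line rather than assumed.

```python
"""Detect the JVM native-memory failure from the Sentinel 7.0 readme (bug 709072)
and check the swap-space workaround. Added example; not Novell code."""
import re
import sys

# Message fragments quoted in the readme's known issue.
JVM_MEMORY_SIGNATURES = (
    "insufficient memory for the Java Runtime Environment",
    "Native memory allocation (malloc) failed",
    "An error report file with more information is saved as:",
    "JVM exited unexpectedly",
    "JVM exited in response to signal",
)

# Absolute path ending in hs_err_pid<digits>.log, as written by the JVM.
HS_ERR_RE = re.compile(r"(/\S*/hs_err_pid\d+\.log)")

# 2 GB, the minimum swap recommended by the workaround, in KiB as /proc/meminfo reports it.
MIN_SWAP_KIB = 2 * 1024 * 1024


def scan_wrapper_log(lines):
    """Return (matches, hs_err_files): matches is a list of (line_no, signature)
    for every line carrying one of the known messages; hs_err_files lists the
    crash-report paths named in the log."""
    matches = []
    hs_err_files = []
    for line_no, line in enumerate(lines, 1):
        for signature in JVM_MEMORY_SIGNATURES:
            if signature in line:
                matches.append((line_no, signature))
                break  # one signature per line is enough
        found = HS_ERR_RE.search(line)
        if found:
            hs_err_files.append(found.group(1))
    return matches, hs_err_files


def swap_total_kib(meminfo_text):
    """Parse the SwapTotal line of /proc/meminfo (value is in kB)."""
    for line in meminfo_text.splitlines():
        if line.startswith("SwapTotal:"):
            return int(line.split()[1])
    raise ValueError("SwapTotal not present in meminfo text")


def swap_sufficient(meminfo_text, min_kib=MIN_SWAP_KIB):
    """True when configured swap meets the workaround's 2 GB threshold."""
    return swap_total_kib(meminfo_text) >= min_kib


# Constructed sample lines in wrapper-log style; timestamps and the pid/signal
# numbers are made up for the demonstration.
SAMPLE_WRAPPER_LOG = [
    "STATUS | wrapper  | 2011/10/31 10:15:01 | Launching a JVM...",
    "INFO   | jvm 1    | 2011/10/31 10:15:02 | # There is insufficient memory for the Java Runtime Environment to continue.",
    "INFO   | jvm 1    | 2011/10/31 10:15:02 | # Native memory allocation (malloc) failed to allocate 32784 bytes for ChunkPool::allocate",
    "INFO   | jvm 1    | 2011/10/31 10:15:02 | # An error report file with more information is saved as: /var/opt/novell/sentinel/data/hs_err_pid4242.log",
    "ERROR  | wrapper  | 2011/10/31 10:15:03 | JVM exited unexpectedly.",
    "ERROR  | wrapper  | 2011/10/31 10:15:03 | JVM exited in response to signal UNKNOWN (11).",
    "STATUS | wrapper  | 2011/10/31 10:15:08 | Launching a JVM...",
]

# Constructed /proc/meminfo excerpt showing 1 GiB of swap, below the threshold.
SAMPLE_MEMINFO = "MemTotal:        2052728 kB\nMemFree:          123456 kB\nSwapTotal:       1048572 kB\nSwapFree:         900000 kB\n"


def main(argv):
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
        with open("/proc/meminfo", encoding="ascii") as fh:
            meminfo = fh.read()
    else:
        lines, meminfo = SAMPLE_WRAPPER_LOG, SAMPLE_MEMINFO
    matches, reports = scan_wrapper_log(lines)
    for line_no, signature in matches:
        print(f"line {line_no}: {signature}")
    for path in reports:
        print(f"crash report named in log: {path}")
    print("swap meets 2 GB workaround:", swap_sufficient(meminfo))
    return 1 if matches and not swap_sufficient(meminfo) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the wrapper log path as the only argument on the Collector Manager host; with no argument it runs over the constructed sample. A non-zero exit means the failure signature is present and swap is still below the workaround threshold, which is the state worth alerting on.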

695468

Issue: Sorting of localized strings does not work correctly in certain languages. If a localized language uses non-ASCII characters or characters with diacritical marks, the sorting of strings in that language does not work.

Workaround: There is no solution at this time.

723189

Issue: The Sentinel Control Center Configure Action Responsible drop-down list includes temporary users created by the system for job processes, such as a distributed search.

Workaround: Ensure you specify a valid Sentinel user. Sentinel deletes each temporary user when the associated job is complete.

723588

Issue: When installing Sentinel 7.0 in a non-default location, the Sentinel installation program stops after you accept the license agreement.

Workaround: If you are installing Sentinel 7.0 as the root user, do not install the product in a non-default location. If you are installing Sentinel 7.0 as a non-root user, ensure you have the appropriate file for your operating system installed before you install Sentinel 7.0 in a non-default location.

  • squashfs-4.0-1.2.10 for SLES

  • squashfs-tools-4.0-3.el6.x86_64 for RHEL

721784

Issue: When viewing the Sentinel Web interface from a browser with a language preference of Czech, the Classifier drop-down list is blank when creating a Security Intelligence dashboard.

Workaround: To enable the Classifier drop-down list, change your browser language preference to English, or perform the following steps:

  1. On the Sentinel server, browse to /var/opt/novell/sentinel/3rdparty/jetty/webapp.

  2. Unpack the novellsentinel.war and siem_baselining.war files.

  3. Delete the date-cs-CZ.js.gz file from the following folders:

    • novellsentinel.war: js/lib/i18n/

    • siem_baselining.war: js/lib/i18n/

  4. Pack the novellsentinel.war and siem_baselining.war files.

  5. Restart the Sentinel server.
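The five steps above can be carried out without unpacking the archives to disk, since a .war file is a zip archive. The following script is an added example, not Novell's own code: it removes js/lib/i18n/date-cs-CZ.js.gz from each of the two archives, keeps a .bak copy of the original, and leaves every other entry untouched. The webapp directory is the one given in step 1 and is treated as an assumption about your install; the restart in step 5 is not scripted here because the readme gives no restart command. The demo() function builds small constructed archives in a temporary directory so the procedure can be exercised offline.

```python
"""Apply the Czech-locale Classifier workaround (bug 721784) by deleting one entry
from the two Sentinel web-application archives. Added example; not Novell code."""
import os
import shutil
import tempfile
import zipfile

# Location from step 1 of the workaround; verify it matches your installation.
WEBAPP_DIR = "/var/opt/novell/sentinel/3rdparty/jetty/webapp"
WAR_FILES = ("novellsentinel.war", "siem_baselining.war")
# Entry named in step 3, as stored inside each archive.
ENTRY = "js/lib/i18n/date-cs-CZ.js.gz"


def remove_entry(war_path, entry=ENTRY):
    """Rewrite war_path without `entry`, preserving every other member and its
    compression settings. Returns True if the entry was removed, False if it
    was not present. The untouched original is kept as war_path + '.bak'."""
    with zipfile.ZipFile(war_path) as src:
        if entry not in src.namelist():
            return False
        fd, tmp_path = tempfile.mkstemp(dir=os.path.dirname(war_path) or ".", suffix=".tmp")
        os.close(fd)
        with zipfile.ZipFile(tmp_path, "w") as dst:
            for info in src.infolist():
                if info.filename == entry:
                    continue
                # Passing the ZipInfo keeps the member's timestamp and compression type.
                dst.writestr(info, src.read(info.filename))
    shutil.copy2(war_path, war_path + ".bak")
    os.replace(tmp_path, war_path)
    return True


def apply_workaround(webapp_dir=WEBAPP_DIR):
    """Steps 2 to 4 for both archives. Returns {archive name: removed?}."""
    return {name: remove_entry(os.path.join(webapp_dir, name)) for name in WAR_FILES}


def names_in(war_path):
    with zipfile.ZipFile(war_path) as zf:
        return sorted(zf.namelist())


def build_sample_war(path):
    """Constructed stand-in for a Sentinel archive; contents are made up."""
    with zipfile.ZipFile(path, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("WEB-INF/web.xml", "<web-app/>")
        zf.writestr("js/lib/i18n/date-en-US.js.gz", b"\x1f\x8b constructed")
        zf.writestr(ENTRY, b"\x1f\x8b constructed")


def demo():
    """Exercise the procedure on constructed archives in a temp directory and
    report the outcome; nothing outside that directory is touched."""
    work = tempfile.mkdtemp()
    try:
        for name in WAR_FILES:
            build_sample_war(os.path.join(work, name))
        first = apply_workaround(work)
        second = apply_workaround(work)  # idempotent: entry already gone
        remaining = {name: names_in(os.path.join(work, name)) for name in WAR_FILES}
        backups = all(os.path.exists(os.path.join(work, n + ".bak")) for n in WAR_FILES)
    finally:
        shutil.rmtree(work)
    return {"first": first, "second": second, "remaining": remaining, "backups": backups}


if __name__ == "__main__":
    print(demo())
```

On a real server, call apply_workaround() as the user that owns the Sentinel files, then restart the Sentinel server as step 5 directs; if the Classifier list is still blank, the .bak copies let you restore the originals with a rename.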

723905

Issue: The clean_db.sh script does not accept localized values when running the script in the following languages:

  • Traditional Chinese

  • Brazilian Portuguese

  • French

Workaround: Specify values in English to allow the script to run.

722118

Issue: When you create a baseline from a category view, Sentinel generates an error message and does not return to the main dashboard page when you click the associated link.

Workaround: To get back to the main dashboard page you must log out of the Sentinel Web interface and then log back in.

724574

Issue: When you filter on the new or old name of a renamed anomaly, the message "Showing X of Y total anomalies" uses the total anomaly count of both the old and new name for X. The message should use the number of anomalies matching the name for which you filtered.

Workaround: There is no workaround at this time.

703963

Issue: Identity Vault Collector 6.1r2 does not support Sentinel 7.0.

Workaround: Go to the Cool Solutions Sentinel page for an unsupported workaround. To see and download the most recent Sentinel plug-ins, go to the Sentinel Plug-in page (http://support.novell.com/products/sentinel/secure/sentinelplugins.html) on the Novell Web site.

3.0 Enhancements and Defects Fixed in Sentinel 7.0

The following table lists enhancements and defects fixed in Sentinel 7.0.

Bug Number    Description

627505

Enhancement: Sentinel 7.0 provides you the ability to track and log all user activity.

451587

Enhancement: Sentinel 7.0 detects idle Correlation Engines and provides an option to delete them from your Sentinel architecture.

451827

Enhancement: When the Sentinel installation program encounters an unexpected response, the installer becomes unresponsive and does not provide an error message.

451858

Enhancement: Sentinel 7.0 allows you to select inlist when creating a simple rule from the Correlation Rule Builder.

452436

Enhancement: The Sentinel Web interface allows administrators to specify which features users can access.

456058

Enhancement: Sentinel 7.0 provides enhanced search performance when searching over a long period of time when there are no partitions.

464708

Enhancement: Sentinel 7.0 provides the ability to remove stored data based on the event source.

464710

Enhancement: Sentinel 7.0 provides the ability to include wildcard searches that also support the NOT operator.

468717

Enhancement: Sentinel 7.0 provides the ability to import and search archived event data.

476028

Enhancement: Sentinel 7.0 provides the ability to create different user roles, which allow you to quickly and easily assign permissions related to a specific job function or workflow.

688957

Enhancement: Active Views now retain column order and size customizations.

688958

Enhancement: Active Views now allows you to easily shift empty event table columns to the right.

665279

Resolved Issue: This release resolves an issue where Sentinel displays the message 'Active view is disconnected from the server' when you access Active Views on a computer running RHEL.

704017

Resolved Issue: This release resolves an issue where validation and download fails when configuring the Download Manager to use a proxy server.

451583

Resolved Issue: This release resolves an issue where accessing event details from Active Views may cause the screen to become unresponsive.

472026

Resolved Issue: This release resolves an issue where the installation fails when trying to import any of the Solution Packs from the Novell Web site.

497683

Resolved Issue: This release resolves an issue where deleting the default Send Mail Plug-in or Action prevents users from sending e-mail.

717984

Resolved Issue: This release resolves an issue where, after restarting a Collector Manager from Event Source Management (ESM), some Collector plug-ins do not return to their original state.

452221

Resolved Issue: This release resolves an issue where Sentinel allowed passwords created during installation to contain special characters, but did not allow passwords created using the Sentinel Control Center to contain special characters other than ‘#’, ‘_’, and ‘$’.

4.0 Documentation

The following sources provide information about Sentinel 7.0: