  • Votes

    3

    Cisco Firesight should support syslog

    Hi, One of our customers, ACCELYA WORLD S L U, logged the below with us: --- We need to handle events from cisco firesight version 6.x, but we see that the specific ...

  • Votes

    1

    CG reports (.csv) should print events line by line without any report ...

    When the CG reports are generated, the output of the report with the selected events will be displayed in the proper report specific format. Whereas, when the events ...

  • Votes

    2

    VMWare vCenter logs

    vCenter makes most of its logging available in the Windows Event log for software-based installations, and via Syslog for appliance (VCSA) installations, at least from ...

  • Votes

    1

    Brocade collector

    Sentinel does not currently have a Brocade collector plugin.

  • Votes

    1

    Micro Focus should have an MS Dynamics collector +

    Micro Focus should have a collector that supports MS Dynamics in the cloud but preferably all services that a Sentinel customer is using from MS Azure. Here's MS page ...

  • Votes

    1

    Micro Focus should have an AWS collector

    Micro Focus should have an AWS collector. Here's AWS page that describes their logging https://aws.amazon.com/answers/logging/centralized-logging/

  • Votes

    1

    Salesforce collector

    Micro Focus should have a Salesforce collector. This from Salesforce describes a very typical use case: ...

  • Votes

    4

    Checksum for eventdata

    Currently Sentinel creates a checksum only for raw data in secondary storage. There are some cases where a checksum is needed for event data as well. -Br, TimoS

  • Votes

    4

    CheckPoint LEA Connector missing critical pieces of information

    I've spotted some flaws in the CheckPoint collector. I'm giving one example from blade "URL Filtering" in CheckPoint. These fields are: appi_name, matched_category, ...

  • Votes

    2

    Supporting Syslog TCP with Octet Counting Framing

    This framing mode is yet to have a wide acceptance. Also, the latest rsyslog does have an optional mode for this --> ...

  • Votes

    3

    Syslog over TCP needs to recognize NULL characters as message ...

    Some products like Juniper Netscreen use NULL character as a Syslog message delimiter. Our Syslog connector does not treat NULL char as a delimiter and as a result, ...

  • Votes

    5

    Possibility to restart individual Event source via CLI or REST API

    Background: We have severe problems with File Connector log sources and have not gotten a solution for that yet. For some reason file reading hangs occasionally and never ...

  • Votes

    2

    Kafka connector

    Our client has centralized data storage created on Hadoop. They are transferring data from self designed applications through Apache Kafka. It would be nice to have ...

  • Votes

    1

    IBM zOS Collector

    IBM zOS mainframe collector to help parse and correlate the logs sent to Sentinel. This type of collector would help translate RACF logs and Type80 send logs in CEF ...

  • Votes

    4

    Update SSL Certificates

    Please either allow or build in a function to allow the update of an SSL certificate issued from either a third party CA or an internal CA for website functionality. In ...

  • Votes

    3

    File Connector - Keep file offset data stored while moving log source ...

    Now, when moving a file log source from one CM to another, it does not store offset data. This should be fixed. -Br, TimoS

  • Votes

    2

    Correlation Rules Firing - Scheduled Email Alerts

    The ability to have emails from correlation rule event firing go to a different (or additional) email address during a certain time period would be invaluable. e.g. ...

  • Votes

    6

    Support for Oracle Service names instead of SID

    A company may standardize on using service names because when using Oracle RAC. The Sentinel Data Synchronization to Oracle feature is only possible by using the SID of ...

  • Votes

    4

    User behavior analytics(UBA)

    All leading SIEM products provide UBA; it's a must-have feature for any modern-day SIEM. Unavailability of UBA is one of the major reasons competitors take the edge in POC demos ...

  • Votes

    5

    Normalize severity against a standard severity scale rather than ...

    Different vendors attribute different severities to certain types of events based on their own internal way of looking at the data. When Sentinel sets the severity, it ...