For those of you who watch our download site with bated breath, you may
have noticed that Sentinel 7.2 was very recently released and is now
available for download! We recommend this release for most customers
since it incorporates a number of really nice new features as well as a
host of performance and stability improvements.

Here's a quick summary of the new features and changes - note that this
rolls up everything since 7.1:

NetIQ Sentinel is an industry-leading SIEM solution focused on providing
powerful analytics through simple operation. The 7.2 release extends
Sentinel's powerful analytics, introducing new techniques for detection
of network-based threats and the integration of Threat Intelligence
feeds into Sentinel's analytics engine for more effective threat triage
and prioritization. Sentinel 7.2 also rolls up new features and fixes
released since Sentinel 7.1.

What's New in Sentinel 7.2?

- *New network behavior analytics*: Sentinel can now directly consume
and visualize network flow data (NetFlow/IPFIX) to help security
analysts understand and look for anomalies in the network behavior of
hosts in the enterprise environment.
- *Pre-packaged Threat Intelligence feeds*: Common sources of
internet-based threat intelligence can now be enabled with the click
of a button and easily incorporated into analytic rules to detect
internal hosts that have been compromised. This new feature is
supported by a bundled Threat Intelligence Solution Pack that includes
enhanced content.
- *Enhanced correlation flexibility*: Extensions to the correlation
rule language now support more powerful rules to detect subtle threats
such as attack probes and reconnaissance activity.
- *High Availability (HA) appliance*: Sentinel 7.1 introduced high
availability to the traditional software installation; now HA is
available in a version of the soft appliance for simplified roll-out
of robust, fault-tolerant Sentinel environments.
- *Tighter internal security policies*: Sentinel administrators can
now enforce password complexity requirements on internal Sentinel
users without relying on an external directory for this purpose.
- *Faster and easier reporting*: The existing "favorites" capability
has been extended to support organization of commonly-used reports
into folders for ease of access.
- *Detailed rule testing*: The existing correlation rule testing
capability has been extended to improve usability and expose the raw
events selected when testing a given rule.
- *Major stability and performance improvements*: Sentinel 7.2
significantly improves the overall stability of the platform,
especially relating to agent-based data collection and the impact of
the new NetFlow data.
- *Updated Collector for Microsoft Windows*: This key component has
been updated and improved for more accurate and efficient collection
of critical Windows and Active Directory data, combining both
agent-based and agent-less approaches into a unified solution.

NetIQ Sentinel 7.2 helps close security intelligence gaps to more
quickly identify and disrupt threats before they cause damage, protecting
your most sensitive information assets and easing the burden of
demonstrating compliance.

Helpful Resources

- Download installers for a new Sentinel deployment here:
- Download patches for an existing Sentinel system here: - or use the
appliance update process.
- Documentation is available here:

DCorlette's Profile: