As the question states, I am wondering whether it is somehow possible to
take raw data files and import them in Sentinel so the events would be
searchable from the webUI. For example this might be useful in cases
where we were retaining raw events for a longer retention interval than
the normalized event data but we later needed to run reports against
event data that had already been groomed out.

I'm guessing no, but just thought I would check. :-)

netiquslaie's Profile: https://forums.netiq.com/member.php?userid=11227
View this thread: https://forums.netiq.com/showthread.php?t=57692