Quote: Originally posted by CeeDubbVA
8.2 will be released in a few weeks, by the end of July. Here's an abbreviated list of what's coming:
  • Sentinel now interfaces with the Micro Focus ArcSight SmartConnector (to be posted on the Sentinel Plug-ins site with other connectors). The initial certification list includes nearly a dozen event sources, including Microsoft Office 365. Additional certified event sources will be listed on the Micro Focus/NetIQ web site as they are tested.
  • Sentinel extends the Kibana dashboards to support Events as well as the previously-supported Alerts.
  • NetFlow data are now treated as other security event data, including the ability to drive correlation rules and generate alerts.
  • Sentinel provides machine learning intelligence to assist in alert escalation.
  • Sentinel can forward events to other systems in CEF (Common Event Format) using the newest Syslog Integrator.
  • Scalability with Change Guardian integration is improved by the introduction of the HTTP Server Connector.
  • Sentinel is certified to run on new platforms (SLES 12 SP3, RHEL 6.9, RHEL 7.4, and RHEL 7.5). The Sentinel appliance is now built on SLES 12 SP3.


There are some misconceptions about the appliance update channel elsewhere in this thread, so here's what's happening with the Sentinel appliance:

The future of the Sentinel appliance is on SLES 12, since SUSE support for SLES 11 is scheduled to end in March 2019. Sentinel 8.2.0.0 will be the last planned Sentinel update on the SLES 11-based NCC channel for appliance updates. Therefore, it's critical that all Sentinel appliance users make plans to upgrade to the new SLES 12-based Sentinel 8.2 appliance.

SUSE does not support an over-the-channel upgrade from SLES 11 to SLES 12, so this is the basic process for an in-place upgrade:
  1. Upgrade the Sentinel appliance to 8.2.0.0 over the old SLES 11-based channel.
  2. Upgrade the SLES OS using a SLES 12 SP3 image (which will be available on Patch Finder).
  3. Run a post-upgrade utility to configure the appliance (also on Patch Finder).
  4. Register the appliance to the new SLES 12-based upgrade channel using your same old registration code.

Future Sentinel and operating system patches will be published on the new channel, and more information will be available in the documentation at release time.

Thanks. Great to hear there's an in-place upgrade process and some great features coming in 8.2.