
NetIQ Sentinel Overview

NetIQ Sentinel is the #32 ranked solution among top Security Information and Event Management (SIEM) tools. PeerSpot users give NetIQ Sentinel an average rating of 8 out of 10. NetIQ Sentinel is most commonly compared to Microsoft Sentinel. The professionals who most often research this solution work at computer software companies, accounting for 32% of all views.
What is NetIQ Sentinel?
NetIQ Sentinel is a full-featured Security Information and Event Management (SIEM) solution that simplifies the deployment, management and day-to-day use of SIEM, readily adapts to dynamic enterprise environments and delivers the true "actionable intelligence" security professionals need to quickly understand their threat posture and prioritize response.

NetIQ Sentinel was previously known as Novell SIEM.

Buyer's Guide

Download the Security Information and Event Management (SIEM) Buyer's Guide including reviews and more. Updated: January 2022

NetIQ Sentinel Customers
Faysal Bank, GaVI, Handelsbanken, ISC Münster, Lambeth Council, Swisscard, The Municipality of Siena, Tukes, University of Dayton, University of the Sunshine Coast
NetIQ Sentinel Pricing Advice

What users are saying about NetIQ Sentinel pricing:
"We inquired about getting support from the vendor, Micro Focus, but the cost was very high."

NetIQ Sentinel Reviews

Dennis Dirks
Compliancy, Security & Identity consultant at TMD informatisering BV
Consultant
The business intelligence engine keeps track of everything and alerts us of anything unexpected
Pros and Cons
  • "One of the most valuable features is the business intelligence engine. It's very important because it keeps track of everything that's happening and alerts us if something is different than expected. The first time I used it, I was shocked at how well it performed. Another valuable feature that I think makes this product worth the price you pay for it is that it connects to basically every system that provides some form of logging, and it's very easy to set up what triggers this."
  • "This product's connection to certain types of cloud systems could be improved. We can do Microsoft, Google, and Amazon, but there are a lot of other things happening in the cloud that we do not connect well enough to. This product could be improved with better connection to cloud-based solutions."

What is our primary use case?

There are a lot of use cases of this solution. For a customer of ours, we connected it to both their Active Directory and their entrance system: the key card swipe application database. We set up a rule where, when people do not enter the building using their key card and they try to authenticate locally to the Active Directory, it is considered strange behavior—their account is immediately locked and a message is sent to security.

We set up the business intelligence engine with a university in Belgium, and the artificial intelligence part of the solution figured out that something strange was happening. What happened was that a professor changed grades for all of his students, which is not strange at all. He authenticated it with the right username and password, but, as far as the artificial intelligence engine was concerned, it was suspicious because he never did that on Tuesday nights at 11:30-ish. Also, when he did authenticate it and change grades, it was usually for a couple of students for the same test, and not for one student for some of his tests. So it was these students who had obtained the username and password combination for the professor and sat outside of the university building, connecting to the Wi-Fi and changing his grades. Sentinel caught that, and we were able to prove what happened.

We have this solution deployed on-prem. 

What is most valuable?

One of the most valuable features is the business intelligence engine. It's very important because it keeps track of everything that's happening and alerts us if something is different than expected. The first time I used it, I was shocked at how well it performed. 

Another valuable feature that I think makes this product worth the price you pay for it is that it connects to basically every system that provides some form of logging, and it's very easy to set up what triggers this. 

What needs improvement?

This product's connection to certain types of cloud systems could be improved. We can do Microsoft, Google, and Amazon, but there are a lot of other things happening in the cloud that we do not connect well enough to. This product could be improved with better connection to cloud-based solutions. 

As for additional features, even when I compare it to other systems, like Splunk, I think we've covered most things. 

For how long have I used the solution?

I have been working with NetIQ Sentinel since 1997. We are a Micro Focus NetIQ partner, and I do their advanced technical trainings on Sentinel for them. 

What do I think about the stability of the solution?

This product is very reliable and trustworthy. 

What do I think about the scalability of the solution?

This solution is easy to scale up until about 24,000 events per second. After that, if you require more—which is an unbelievably large amount of events happening every second—you can change portions of the system to include things like Hadoop technology, and then it will scale to whatever. So it's pretty easy to scale, up until 24,000 events per second, and after that, installing Cloudera and Hadoop and all the other stuff is a bit challenging, but I've only seen one customer reach that amount of events per second. 

It's usually large companies that go for this solution. This technology is frequently used by credit card companies, school districts, and universities. This is because there is a special price—solutions like this are usually pretty expensive and can easily run into 200,000 euros a year, but school districts get it for something like four euros per employee, with the same functionality. For them, it's a very cheap way to get an enterprise-level solution, but apart from that special price, it's usually the large companies that invest in something like this. Small- to medium-sized companies sometimes have a requirement for this because of regulations concerning credit card transactions, so we offer to host that for them and they use our shared installation. 

How are customer service and support?

Technical support for Micro Focus/NetIQ has always been very good. Maybe it's not the easiest to obtain, but if you have a developer's license and a support contract with them, they have 24-hour, worldwide support people who can do a dial-in if necessary. I'm always able to speak to a support engineer with knowledge about the products within hours when I need it.  

How was the initial setup?

The deployment process is pretty straightforward. Micro Focus/NetIQ provides you with a virtual appliance, so if you run it on any virtual platform, you just deploy that, start it up, and it guides you through the process, asking for things like the IP address, passwords, time zone, and stuff like that. The setup process takes about 45 minutes, and then you have a running system. It's pretty easy to set up. 

What about the implementation team?

Our company provides implementation services to customers. 

What's my experience with pricing, setup cost, and licensing?

You need a support contract with NetIQ for maintenance. You can download the updates for the underlying operating system, which is a secured and drilled-down version of SUSE Linux. For the product itself, you basically upgrade it every time there is a new version coming out, which is usually once or twice a year. 

What other advice do I have?

I rate NetIQ a nine out of ten. 

My advice to someone looking into implementing NetIQ is to just try it and see it for yourself. It's pretty easy to set up a test environment because of the virtual machine that you can deploy. Also, you have a six-day trial license with that, so there's absolutely no reason not to just set it up and start playing around with it and see how well it performs and what it's able to tell you about what's happening on your network. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
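
The badge-versus-logon rule described in the review above, written out as an added Python example; it is not Sentinel's correlation rule syntax and not the reviewer's configuration. The event field names, the 12-hour window and the action labels are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events; field names are assumptions, not Sentinel's schema.
BADGE_EVENTS = [
    {"user": "alice", "time": "2022-01-11T08:02:00", "result": "granted"},
    {"user": "bob",   "time": "2022-01-10T08:30:00", "result": "granted"},
    {"user": "carol", "time": "2022-01-11T09:40:00", "result": "granted"},
    {"user": "dave",  "time": "2022-01-11T08:10:00", "result": "denied"},
]
LOGON_EVENTS = [
    {"user": "alice", "time": "2022-01-11T08:15:00", "logon_type": "local",  "host": "WS-014"},
    {"user": "bob",   "time": "2022-01-11T09:00:00", "logon_type": "local",  "host": "WS-022"},  # swipe is a day old
    {"user": "carol", "time": "2022-01-11T09:30:00", "logon_type": "local",  "host": "WS-031"},  # swipe comes after logon
    {"user": "dave",  "time": "2022-01-11T08:20:00", "logon_type": "local",  "host": "WS-040"},  # swipe was denied
    {"user": "erin",  "time": "2022-01-11T10:00:00", "logon_type": "remote", "host": "VPN-GW"},  # not a local logon
]

def find_logons_without_badge(badge_events, logon_events, window=timedelta(hours=12)):
    """Return one alert per local logon that has no granted badge swipe in the preceding window."""
    # Index granted swipes by user; denied swipes never count as an entry.
    entries = {}
    for ev in badge_events:
        if ev["result"] == "granted":
            entries.setdefault(ev["user"].lower(), []).append(datetime.fromisoformat(ev["time"]))
    alerts = []
    # ISO 8601 timestamps sort chronologically as strings.
    for ev in sorted(logon_events, key=lambda e: e["time"]):
        if ev["logon_type"] != "local":
            continue  # the rule only covers authentication from inside the building
        when = datetime.fromisoformat(ev["time"])
        swipes = entries.get(ev["user"].lower(), [])
        # A swipe counts only if it happened before the logon and within the window.
        if not any(timedelta(0) <= when - s <= window for s in swipes):
            alerts.append({"user": ev["user"], "host": ev["host"], "time": ev["time"],
                           "actions": ["lock_account", "notify_security"]})
    return alerts

if __name__ == "__main__":
    for alert in find_logons_without_badge(BADGE_EVENTS, LOGON_EVENTS):
        print(alert)
```

The window length is the main tuning point: too short and people who stay in the building past it trigger alerts, too long and a stale swipe from a previous day satisfies the rule.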
Global Cyber Security Manager at a financial services firm with 5,001-10,000 employees
Real User
Top 10
Stable and works well for certain use cases, but it is inflexible and the technical support needs improvement
Pros and Cons
  • "The stability is phenomenal and we never had any issues with downtime or even had to restart."
  • "You need a lot of Unix scripting knowledge in order to manage the tool, which is one of the main issues that we faced."

What is our primary use case?

NetIQ Sentinel is a security information and event management tool that makes up part of our security solution. We are in the process of migrating to a new solution.

What is most valuable?

The use cases that it was made for, such as server monitoring, worked very well.

What needs improvement?

Frankly speaking, we did not find this product to be valuable, at all.

You need a lot of Unix scripting knowledge in order to manage the tool, which is one of the main issues that we faced.

When we integrated with other log management solutions, the password was not there. We also found it very difficult to create a custom password and in the end, we didn't succeed.

Trying to do something new, outside of use cases like server monitoring, was difficult and we could not do much.

For how long have I used the solution?

I have been working with NetIQ Sentinel for almost two years.

What do I think about the stability of the solution?

The stability is phenomenal and we never had any issues with downtime or even had to restart.

What do I think about the scalability of the solution?

This product did not scale for us. I'm not saying that it was a problem with the product but we had trouble finding the skills and knowledge required for this tool. As our environment started growing, we had to buy new tools.

How are customer service and technical support?

We have had a lot of problems and Micro Focus technical support was not able to help us. They may have different levels of support packages available, but in our experience, we had to write two or three emails back and forth before we got anything reasonable in response. With other vendors, we have a technical account manager that we can reach out to when we are having problems. This is completely missing in NetIQ Sentinel.

Which solution did I use previously and why did I switch?

We are currently in the process of migrating from NetIQ Sentinel to IBM QRadar.

How was the initial setup?

This product had been implemented by somebody else a few years ago, before I joined the company.

What about the implementation team?

We are a small company with an in-house technical services team.

What's my experience with pricing, setup cost, and licensing?

We inquired about getting support from the vendor, Micro Focus, but the cost was very high.

What other advice do I have?

Whether I would recommend this solution to anyone would depend on their environment. Maybe if they have a hybrid cloud environment then they would not have faced the challenges that we did. As it was on-premises and completely owned by us, we had a lot of trouble with managing the tool. Once it is running, it runs well, but when it comes to adding new devices to it, we always faced issues.

I would rate this solution a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CEO at ITCORE
Reseller
Top 20
Makes it easier to create queries

How has it helped my organization?

Sentinel has improved the user experience inside. It is easier to create queries. 

What is most valuable?

The most valuable feature is the flexible log for identifying security threats inside an application. Sentinel is very good at this. 

What needs improvement?

The dashboard and customer view should be improved.

In the next release, I would like for there to be monitoring inside the sentinel.

For how long have I used the solution?

I have used NetIQ for 18 months.

What do I think about the stability of the solution?

Stability is very good.

What do I think about the scalability of the solution?

Scalability is very good.

How are customer service and technical support?

Their customer support is very good. 

How was the initial setup?

The initial setup was very easy. It took around one or two weeks.

What other advice do I have?

I would rate NetIQ a ten out of ten. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller