Sentinel Primary Use Case

JaideepSingh - PeerSpot reviewer
Technology Specialist at a government with 51-200 employees

I used Sentinel to collect logs from computers. We deployed Sentinel for a government department with a staff of 2,700. The IT and security teams used Sentinel. They are the only people who used the solution. We had a team of 15 to 20 people in IT. Five to six people needed to use it at most. The rest still use the Power BI dashboards because they get the alerts from Sentinel directly.

JR
Service Provider at a comms service provider with 10,001+ employees

We use Sentinel to make managing security events a breeze. It helps us oversee alarms from various platforms in one central hub, all handled through our NOC in the cloud. It is like having a smart assistant that simplifies keeping our digital space safe and sound.

GC
Principal Solution Architect at a comms service provider with 51-200 employees

We use the solution to monitor the integration. We can monitor end-to-end from source to destination.

Buyer's Guide
Sentinel
March 2024
Learn what your peers think about Sentinel. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
768,578 professionals have used our research since 2012.
DD
Compliancy, Security & Identity consultant at TMD informatisering BV

There are a lot of use cases of this solution. For a customer of ours, we connected it to both their Active Directory and their entrance system: the key card swipe application database. We set up a rule where, when people do not enter the building using their key card and they try to authenticate locally to the Active Directory, it is considered strange behavior—their account is immediately locked and a message is sent to security.

We set up the business intelligence engine with a university in Belgium, and the artificial intelligence part of the solution figured out that something strange was happening. What happened was that a professor changed grades for all of his students, which is not strange at all. He authenticated it with the right username and password, but, as far as the artificial intelligence engine was concerned, it was suspicious because he never did that on Tuesday nights at 11:30-ish. Also, when he did authenticate it and change grades, it was usually for a couple of students for the same test, and not for one student for some of his tests. So it was these students who had obtained the username and password combination for the professor and sat outside of the university building, connecting to the wifi and changing his grades. Sentinel caught that, and we were able to prove what happened. 

We have this solution deployed on-prem. 

MS
Senior Specialist: Solution Architecture at a tech services company with 501-1,000 employees

Our company uses the solution's management stack which has good integration with Sentinel. 

HK
Global Cyber Security Manager at a financial services firm with 5,001-10,000 employees

NetIQ Sentinel is a security information and event management tool that makes up part of our security solution. We are in the process of migrating to a new solution.

it_user674118 - PeerSpot reviewer
Security/Service Engineer at a comms service provider with 10,001+ employees

Primarily, I used NetIQ Sentinel when I worked as a Security Analyst, as a tool for collecting and filtering out logs in order to investigate whether there was something "interesting", i.e. samples of real attacks or malware activity. Sentinel is a tool that, if it's well configured, removes from view all unnecessary information, like logs showing that the user opened a window in the system, and shows you only the needed entries. It removes data that can obscure your perspective and mislead an investigation.

Later, I used NetIQ Sentinel more "administratively", which means that I created, removed, or changed event sources and/or investigated why they hadn't sent anything to the log collector. I can tell that, from an administration perspective, the interface of Sentinel is also very simple to operate and navigate. When an interface is intuitive, as in the case of Sentinel, no special effort is needed to do your job faster, conveniently and with high performance.

AL
System specialist IDM/SIEM at SV Informatik GmbH

We are using this solution for logging.

Our environment is an on-premises deployment.
