Novell SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009 User Manual page 386

Table A-1  Sentinel 6.1 Rapid Deployment Components

Component: Sentinel 6.1 Rapid Deployment Server
  The Sentinel 6.1 Rapid Deployment server runs the core back-end components of the software. A number of subcomponents perform the key functions:
  - ActiveMQ Message Bus: the JMS-based message bus over which the other components communicate with each other.
  - Data Access Services (DAS): data storage, query, display, and processing components.
  - Correlation Engine: performs real-time event analysis.
  - iTRAC: a role-based incident-response workflow engine.
  - Jasper Reporting Engine: open source reporting engine.

Component: Event Source Management (ESM)
  An extensible framework built to manage and monitor connections between Sentinel and third-party event sources, by using Sentinel Connectors and Sentinel Collectors.
  In addition to ESM, a number of subcomponents are hosted by a distributable service called the Collector Manager. This service can be installed on a number of systems to balance the processing load or for scalability. The data collection components are downloaded from the Novell Sentinel Content page and are installed to the Collector Managers via a central ESM interface.

Component: Event Source
  An event source can be a device, an operating system, a database, or an application. The actual event sources are represented in ESM and can be configured with certain meta information.

Component: Connector
  Connectors perform protocol-based communications with the event source, for example over JDBC, Syslog, WMI, or file reads.

Component: Collectors
  Collectors parse data from a specific event source and normalize the data into Sentinel's standard event schema.

Component: Advisor
  A vulnerability and attack information service that helps you enhance your security posture. For example, the Exploit Detection feature of Advisor reduces false positives from intrusion detection systems.

Component: Solution Packs
  The Solution Pack framework provides the ability to group various types of content, such as reports, rules, data enrichment, remediation actions, and workflows. The content is grouped into a familiar control framework. Solution Packs can be built around specific business issues like PCI compliance, and partners can extend and customize them for industry-specific solutions.

Component: User Applications
  Sentinel includes the following three key user applications:
  - Sentinel Control Center (SCC): the SCC interface includes the Event Source Management and Solution Manager interfaces.
  - Solution Designer: creates Solution Packs.
  - Sentinel Database Manager
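The Connector/Collector split in Table A-1 is easiest to see in code. The following is an added example written for this page, not Sentinel's own code: a "file read" Connector that only moves raw records, two Collectors (one for sshd syslog lines, one for a hypothetical JSON-logging web application) that parse source-specific formats and normalize them into one common event record, and a pipeline that joins them. The NormalizedEvent fields, the severity scale, the event names and all sample log lines are constructed for illustration and do not reproduce Sentinel's real event schema. The example also shows the failure mode a practitioner cares about: a record the Collector cannot parse is kept and flagged rather than silently dropped.

```python
"""Connector / Collector split, illustrated. Added example; not Sentinel code.
The schema, severity scale and sample records below are hypothetical."""
import json
import re
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional


def file_connector(lines: Iterable[str]) -> Iterable[str]:
    """Connector role: move raw records from a transport (here, a file-like
    sequence of lines) to the Collector without interpreting their content."""
    for line in lines:
        line = line.rstrip("\r\n")
        if line:
            yield line


@dataclass
class NormalizedEvent:
    """Hypothetical normalized record; stands in for Sentinel's event schema."""
    event_name: str
    severity: int              # 0 (lowest) .. 5 (highest), hypothetical scale
    source_ip: Optional[str]
    user: Optional[str]
    raw: str                   # original record kept for forensics
    parsed: bool = True        # False when the Collector could not parse it


# RFC 3164 PRI = facility*8 + severity (0 emerg .. 7 debug); map to our scale
_SYSLOG_SEV = {0: 5, 1: 5, 2: 5, 3: 4, 4: 3, 5: 2, 6: 1, 7: 0}
_SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<app>[^\s\[:]+)(?:\[\d+\])?: (?P<msg>.*)$")
_SSH_FAIL_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})")


def unparsed(raw: str) -> NormalizedEvent:
    """Failure mode: never drop a record silently; flag it for review."""
    return NormalizedEvent("UnparsedEvent", 0, None, None, raw, parsed=False)


def syslog_collector(raw: str) -> NormalizedEvent:
    """Collector for a Linux sshd syslog event source."""
    m = _SYSLOG_RE.match(raw)
    if m is None:
        return unparsed(raw)
    pri = int(m.group("pri"))
    if pri > 191:                       # facility 0..23, severity 0..7
        return unparsed(raw)
    severity = _SYSLOG_SEV[pri & 7]
    fail = _SSH_FAIL_RE.search(m.group("msg"))
    if fail:
        # Semantic normalization: a failed login gets the same event name
        # whichever source produced it, and at least a medium severity.
        return NormalizedEvent("AuthenticationFailed", max(severity, 3),
                               fail.group("ip"), fail.group("user"), raw)
    return NormalizedEvent(f"{m.group('app')}.Message", severity, None, None, raw)


def json_app_collector(raw: str) -> NormalizedEvent:
    """Collector for a hypothetical web application that logs JSON lines."""
    try:
        rec = json.loads(raw)
    except json.JSONDecodeError:
        return unparsed(raw)
    if not isinstance(rec, dict) or "event" not in rec:
        return unparsed(raw)
    level = {"info": 1, "warning": 3, "error": 4, "critical": 5}
    severity = level.get(str(rec.get("level", "")).lower(), 0)
    names = {"login_failed": "AuthenticationFailed",
             "login_ok": "AuthenticationSucceeded"}
    name = names.get(rec["event"], f"app.{rec['event']}")
    return NormalizedEvent(name, severity, rec.get("client"), rec.get("user"), raw)


def collect(lines: Iterable[str],
            collector: Callable[[str], NormalizedEvent]) -> List[NormalizedEvent]:
    """Pipeline: Connector delivers raw records, Collector normalizes each."""
    return [collector(rec) for rec in file_connector(lines)]


# Constructed sample input; not captured from a real system.
SYSLOG_SAMPLE = [
    "<38>Jan 12 10:15:01 host1 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 4422 ssh2\n",
    "<38>Jan 12 10:15:09 host1 sshd[2211]: Accepted publickey for alice from 198.51.100.7 port 50122 ssh2\n",
    "garbage line that is not syslog\n",
    "\n",
]
JSON_SAMPLE = [
    '{"event":"login_failed","user":"bob","client":"203.0.113.5","level":"warning"}\n',
    '{"event":"login_failed","user":"bob",\n',      # truncated record
]

if __name__ == "__main__":
    for ev in collect(SYSLOG_SAMPLE, syslog_collector) + collect(JSON_SAMPLE, json_app_collector):
        print(ev)
```

Both sources end up as the same AuthenticationFailed record with the same source_ip, which is what lets one correlation rule fire regardless of which Collector produced the event; the unparsed records remain visible for tuning the Collector rather than disappearing from the feed.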