Logical Architecture; A.4 Logical Architecture - Novell SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009 User Manual

These processes are controlled by the following configuration files:
das_binary.xml: Used for event and correlated event insertion operations
das_core.xml: All other database operations

DAS receives requests from the different Sentinel processes, converts them to a query against the
database, processes the result from the database, and converts it back to a reply. It supports requests
to retrieve events for Quick Query and Event Drill Down, to retrieve vulnerability information and
advisor information, and to manipulate configuration information. DAS also handles logging of all
events received from the Collector Manager, as well as requests to retrieve and store configuration
information.

Correlation Engine Process (correlation_engine)
The correlation engine (correlation_engine) process receives events from the Collector Manager and
publishes correlated events based on user-defined correlation rules.

Collector Manager
The Collector Manager services, processes, and sends events.

ActiveMQ
An open source communication server built around the message-oriented middleware (MOM)
architecture. It provides the communication platform for all other Sentinel processes.

A.4 Logical Architecture

Sentinel is composed of three logical layers: the collection and enrichment layer, the business logic
layer, and the presentation layer.
Section A.4.1, "Collection and Enrichment Layer," on page 399
Section A.4.2, "Business Logic Layer," on page 403
Section A.4.3, "Presentation Layer," on page 409
398 Sentinel 6.1 Rapid Deployment User Guide
