Correlation; Event Source Management - Novell SENTINEL 6.1 SP2 - 02-2010 User Manual

Create and modify filters
Use filters to format data
Use filters to determine event routing
View system statistics about the Data Access Service
Start and Stop system components
Configure Sentinel event fields
Configure the mapping service
Create new options for right-click event menus
Aggregate data for reporting
Create users and assign them to roles for workflows
Manage user sessions

1.1.7 Correlation

The Correlation tab provides an interface to create and deploy rules to detect suspicious or malicious
patterns of events.
In the Correlation tab, you can:
Create and edit rules
Deploy/Undeploy rules
Add an action and associate it to a rule
Configure dynamic lists

1.1.8 Event Source Management

The Event Source Management (ESM) interface is available through the Sentinel Control Center
menu. It allows you to manage and monitor connections between Sentinel and its event sources
using Sentinel Connectors and Sentinel Collectors.
In the ESM, you can:
Import/export Connectors and Collectors from/to the centralized repository available in ESM
Add/edit connections to event sources through the configuration wizards
View the real-time status of the connections to event sources
Monitor data flowing through the Collectors and Connectors

Sentinel Collectors

The Collectors parse the data and deliver a richer event stream by injecting taxonomy, exploit
detection and business relevance into the data stream before events are correlated and analyzed and
sent to the database.

Sentinel Connectors

The Connectors use industry-standard methods to connect to the data source to get raw data.
This manual is also suitable for:

Sentinel 6.1 sp2
