novdocx (en) 7 January 2010

A Sentinel Architecture

Sentinel is a security information and event management (SIEM) solution that automates the collection, analysis, and reporting of system, network, application, and security logs to help organizations manage IT risk.

This section discusses the functional and technical architecture of Sentinel.

- Section A.1, "Sentinel Features," on page 441
- Section A.2, "Functional Architecture," on page 441
- Section A.3, "Architecture Overview," on page 442
- Section A.4, "Logical Architecture," on page 452

A.1 Sentinel Features

Sentinel allows you to monitor and manage a variety of functions. Some of the main functions include:

- Real-time views of large streams of events
- Reporting based on real-time and historical events
- Managing users, and what they are able to see and do, by permission assignment
- Managing access to events for different users
- Organizing events into incidents for efficient response management and tracking
- Detecting patterns in individual events and in streams of events
- An intuitive and flexible rule-based language for correlation
- Correlation rules compiled for high performance
- A scalable, multi-threaded, distributable, and extensible architecture

Sentinel processes communicate with each other through a message-oriented middleware (MOM).

A.2 Functional Architecture

Sentinel is composed of the following component subsystems, which form the core of the functional architecture:

- Section A.3.1, "iSCALE Platform," on page 442: An event-driven, scalable framework.
- Section A.3.3, "Event Source Management," on page 447: An extensible framework built to manage and monitor the connections between Sentinel and third-party event sources, using Sentinel Connectors and Sentinel Collectors.
  In addition to ESM, a number of subcomponents are hosted by a distributable service called the Collector Manager. This service can be installed on several systems to balance the processing load or to scale out. The data collection components (Collectors and Connectors) are downloaded from the Novell Content Web page and are installed on the Collector Managers through the central ESM interface.
- Section A.3.4, "Application Integration," on page 448: An extensible application framework.
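The pipeline that Sections A.1 and A.2 describe (a Connector that transports raw records, a Collector that normalizes them, rules that correlate the resulting event stream, and incidents that group the matches for response) is shown below as an added example in Python. It is an illustration written for this page, not Sentinel's own Collector, Collector Manager or correlation-engine code: the normalized field names, the threshold-in-sliding-window rule semantics, and the sshd log lines are all assumptions constructed for the example, and Sentinel's real correlation language and event schema are not what is shown here. It goes slightly beyond the text by making one rule semantics concrete (N matching events sharing a key inside a time window).

```python
"""Added illustration of the pipeline this section describes (not Sentinel code):
Connector (transport) -> Collector (parse/normalize) -> correlation rule -> Incident.
Field names, rule semantics and sample log lines are assumptions made for the example."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample input (not real log data): syslog-style sshd lines.
RAW_LINES = [
    "Jan  7 10:00:01 host1 sshd[2231]: Failed password for root from 10.0.0.5 port 51122 ssh2",
    "Jan  7 10:00:03 host1 sshd[2231]: Failed password for root from 10.0.0.5 port 51123 ssh2",
    "Jan  7 10:00:04 host1 sshd[2240]: Accepted password for alice from 10.0.0.9 port 40011 ssh2",
    "Jan  7 10:00:07 host1 sshd[2231]: Failed password for admin from 10.0.0.5 port 51124 ssh2",
    "Jan  7 10:00:09 host1 sshd[2231]: Failed password for admin from 10.0.0.5 port 51125 ssh2",
    "Jan  7 10:00:11 host1 sshd[2231]: Failed password for admin from 10.0.0.5 port 51126 ssh2",
    "Jan  7 10:03:00 host1 sshd[2299]: Failed password for root from 10.0.0.7 port 50001 ssh2",
    "this line is not an sshd record and must be skipped, not crash the Collector",
]


@dataclass
class Event:
    """Normalized event: the common schema the Collector maps raw lines onto (assumed fields)."""
    ts: datetime
    host: str
    name: str       # e.g. AuthFailure / AuthSuccess
    user: str
    src_ip: str
    severity: int


@dataclass
class Incident:
    """A group of correlated events handed to a responder for tracking."""
    title: str
    events: list


def file_connector(lines):
    """Connector: transport only. Yields raw records and does no parsing."""
    yield from lines


SSHD_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port"
)


def sshd_collector(raw, year=2010):
    """Collector: parses and normalizes. Unparseable input is dropped, never fatal."""
    for line in raw:
        m = SSHD_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        failed = m.group(3) == "Failed"
        yield Event(ts=ts, host=m.group(2),
                    name="AuthFailure" if failed else "AuthSuccess",
                    user=m.group(4), src_ip=m.group(5),
                    severity=3 if failed else 1)


class ThresholdRule:
    """Correlation rule (assumed semantics): fire when `threshold` events that satisfy
    `match` share the same `key` inside a sliding `window`. Events must arrive in
    time order, as they do from a real-time stream."""

    def __init__(self, name, match, key, threshold, window):
        self.name, self.match, self.key = name, match, key
        self.threshold, self.window = threshold, window
        self._buckets = defaultdict(deque)   # key -> recent matching events

    def feed(self, ev):
        if not self.match(ev):
            return None
        bucket = self._buckets[self.key(ev)]
        bucket.append(ev)
        while ev.ts - bucket[0].ts > self.window:   # expire events outside the window
            bucket.popleft()
        if len(bucket) >= self.threshold:
            incident = Incident(f"{self.name}: {self.key(ev)}", list(bucket))
            bucket.clear()   # one burst raises one incident, not one per extra event
            return incident
        return None


def run_pipeline(lines):
    """Collector Manager role: drive Connector -> Collector -> rules; return (events, incidents)."""
    rule = ThresholdRule("BruteForce",
                         match=lambda e: e.name == "AuthFailure",
                         key=lambda e: e.src_ip,
                         threshold=5, window=timedelta(seconds=60))
    events, incidents = [], []
    for ev in sshd_collector(file_connector(lines)):
        events.append(ev)
        inc = rule.feed(ev)
        if inc:
            incidents.append(inc)
    return events, incidents


if __name__ == "__main__":
    evs, incs = run_pipeline(RAW_LINES)
    print(f"{len(evs)} normalized events, {len(incs)} incident(s)")
    for inc in incs:
        print(inc.title, [(e.ts.time().isoformat(), e.user) for e in inc.events])
```

Two design points are worth noting. Parsing lives in the Collector, not the Connector, so a new transport (file, syslog, JDBC) can be added without touching the normalization logic, and a record the Collector cannot parse is skipped rather than stopping the stream, which is the behaviour you want from a component that sits in front of untrusted log data. The rule keeps only a bounded per-key window of events, so memory does not grow with the total volume of failures seen; it does assume in-order delivery, which a Collector Manager that merges several sources would have to guarantee or compensate for.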