Sentinel Architecture 447 novdocx (en) 7 January 2010

[Figure A-5 Vulnerability and Data Source]

A.3.3 Event Source Management

Sentinel 6 delivers a centralized event source management framework to facilitate data source integration. This framework enables all aspects of configuring, deploying, managing and monitoring data Collectors for a broad set of systems, which include databases, operating systems, directories, firewalls, intrusion detection/prevention systems, antivirus applications, mainframes, Web and application servers, and many more.

Using adaptable and flexible technology is central to Sentinel's event source management strategy, which is achieved through interpretive Collectors that parse, normalize, filter and enrich the events in the data stream.

These Collectors can be modified as needed and are not tied to a specific environment. An integrated development environment allows for interactive creation of Collectors using a "drag and drop" paradigm from a graphical user interface. Non-programmers can create Collectors, ensuring both current and future requirements are met in an ever-changing IT environment. The command and control operation of Collectors (for example, start, stop and so on) is performed centrally from the Sentinel Control Center. The event source management framework takes the data from the source system, performs the transformations and presents the events for later analysis, visualization and reporting purposes.

The framework delivers the following components and benefits:

- Collectors: Parse and normalize events from various systems.
- Connectors: Connect to the data source to get raw data.
- Taxonomy: Allows data from disparate sources to be categorized consistently.
- Filtering: Eliminates irrelevant data at the point of collection, saving bandwidth and disk space.
- Business relevance: Offers a way to enrich event data with valuable information.
- Collector builder: An Integrated Development Environment (IDE) for building custom Collectors to collect from unique or proprietary systems.
- Live view: User interface for managing live event sources.
- Scratch pad: User interface for offline design of event source configuration.
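The collection stages listed above (Connector fetch, Collector parse and normalize, Taxonomy, Filtering at the point of collection, Business relevance enrichment) as an added Python model; this is illustrative code, not Sentinel's own Collector implementation, and the log lines, taxonomy category names and asset table are constructed for the example.

```python
import re

# Constructed raw records, standing in for what a Connector would pull from a source.
RAW_SYSLOG = [
    "Jan  7 10:02:11 fw1 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=10.0.0.5 DPT=22",
    "Jan  7 10:02:12 fw1 kernel: ACCEPT IN=eth0 SRC=10.0.0.7 DST=10.0.0.5 DPT=443",
    "Jan  7 10:02:13 fw1 cron[412]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Taxonomy: maps source-specific action words onto one consistent category (assumed names).
TAXONOMY = {"DROP": "Firewall.Deny", "ACCEPT": "Firewall.Allow"}

# Business relevance: enrichment data an operator maintains about assets (constructed).
ASSETS = {"10.0.0.5": {"name": "bastion", "criticality": "high"}}

FW_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) kernel: (?P<action>DROP|ACCEPT) "
    r"IN=(?P<iface>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dport>\d+)$"
)

def parse(line):
    """Collector parse step: one raw line becomes a dict of normalized fields, or None."""
    m = FW_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["dport"] = int(ev["dport"])  # normalize the port to an integer
    return ev

def categorize(ev):
    """Taxonomy step: attach a consistent category regardless of the source vocabulary."""
    ev["taxonomy"] = TAXONOMY.get(ev["action"], "Unclassified")
    return ev

def keep(ev):
    """Filtering at the point of collection: drop permitted internal-to-internal traffic."""
    return not (ev["taxonomy"] == "Firewall.Allow" and ev["src"].startswith("10."))

def enrich(ev):
    """Business relevance step: add asset context so later analysis can prioritize."""
    asset = ASSETS.get(ev["dst"])
    if asset:
        ev["dst_name"], ev["dst_criticality"] = asset["name"], asset["criticality"]
    return ev

def collect(lines):
    """Run the whole pipeline; lines this Collector cannot parse are not events."""
    events = []
    for line in lines:
        ev = parse(line)
        if ev is not None and keep(categorize(ev)):
            events.append(enrich(ev))
    return events
```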