Event Source Management

Sentinel 6.1 Rapid Deployment delivers a centralized event source management framework to facilitate data source integration. This framework enables all aspects of configuring, deploying, managing and monitoring data Collectors for a broad set of systems, which include databases, operating systems, directories, firewalls, intrusion detection/prevention systems, antivirus applications, mainframes, Web and application servers, and many more.

Adaptable, flexible technology is central to Sentinel’s event source management strategy. It is delivered through interpretive Collectors that parse, normalize, filter and enrich the events in the data stream.

These Collectors can be modified as needed and are not tied to a specific environment. An integrated development environment allows for interactive creation of Collectors by using a “drag and drop” paradigm from a graphical user interface. Non-programmers can create Collectors, ensuring that both current and future requirements are met in an ever-changing IT environment.

The command and control operation of Collectors (for example, starting and stopping) is performed centrally from the Sentinel Control Center. The event source management framework takes the data from the source system, performs the transformations, and presents the events for later analysis, visualization, and reporting purposes. The framework delivers the following components and benefits:
