Sentinel 6 delivers a centralized event source management framework to facilitate data source integration. This framework enables all aspects of configuring, deploying, managing and monitoring data collectors for a broad set of systems, which include databases, operating systems, directories, firewalls, intrusion detection/prevention systems, antivirus applications, mainframes, Web and application servers, and many more.
Using adaptable and flexible technology is central to Sentinel's event source management strategy, which is achieved through interpretive Collectors that parse, normalize, filter and enrich the events in the data stream.
These Collectors can be modified as needed and are not tied to a specific environment. An integrated development environment allows for interactive creation of Collectors using a "drag and drop" paradigm from a graphical user interface. Non-programmers can create Collectors, ensuring both current and future requirements are met in an ever-changing IT environment. The command and control operation of Collectors (for example, start, stop) is performed centrally from the Sentinel Control Center. The event source management framework takes the data from the source system, performs the transformations and presents the events for later analysis, visualization and reporting purposes. The framework delivers the following components and benefits:
Collectors: Parse and normalize events from various systems
Connectors: Connect to the data source to get raw data
Taxonomy: Allows data from disparate sources to be categorized consistently
Filtering: Eliminates irrelevant data at the point of collection, saving bandwidth and disk space.
Business relevance: Offers a way to enrich event data with valuable information
Collector builder: An Integrated Development Environment (IDE) for building custom collectors to collect from unique or proprietary systems
Live view: User interface for managing live event sources.
Scratch pad: User interface for offline design of event source configuration.