The Identity Manager Collector parses and normalizes the raw data passed to it by the Audit or Syslog Connector and converts the data into a Sentinel event. The Sentinel event can be visualized in the Active View, processed by the correlation engine, queried in a report, and added to an incident response workflow.
The Identity Manager Collector can also parse non-event data and transform the raw scan data into a format understood by Sentinel. Sentinel then stores the vulnerability data in the database and includes it in the Exploit Detection map. For more detailed information about Sentinel collectors, see the Sentinel Collector Script User’s Guide.