Sentinel Terminology

This section describes the terminology used in this document.

Collectors

A utility that parses the data and delivers a richer event stream by injecting taxonomy, exploit detection, and business relevance into the data stream before events are correlated, analyzed, and sent to the database.

Connectors

A utility that uses industry standard methods to connect to the data source to get raw data.

Data Retention

A policy that defines the duration for which the events remain before they are deleted from the Sentinel Log Manager server.

Event Source

The application or system that logs the event.

Event Source Management

ESM. The interface that allows you to manage and monitor connections between Sentinel and its event sources by using Sentinel Connectors and Sentinel Collectors.

Events Per Second

EPS. A value that measures how fast a network generates data from its security devices and applications. It is also the rate at which Sentinel Log Manager can collect and store data from the security devices.

Integrator

Plug-ins that allow Sentinel systems to connect to other external systems. JavaScript actions can use Integrators to interact with other systems.

Raw Data

The unprocessed events that are received by the Connector, sent directly to the Sentinel Log Manager message bus, and then written to the disk on the Sentinel Log Manager server. Raw data varies from Connector to Connector because of the format of the data stored on the device.