C.1 Integration Architecture

Novell Sentinel is a security information and event management solution that receives information from many sources throughout an enterprise, standardizes and prioritizes it, and presents it to you so that you can make threat, risk, and policy-related decisions. The Sentinel Control Center (SCC) is the main user interface for viewing and interpreting this data. For overall information about Novell Sentinel, see the Novell Sentinel 6.1 product documentation Web site.

PlateSpin Orchestrate can be configured to send log events to Sentinel over a single SSL connection (typically port 1443). The events are sent in RFC 5424 (syslog) format and are received by the Sentinel Event Source Server, which parses the syslog header of each event and then hands the event over to the PlateSpin Orchestrate Collector plug-in for Sentinel. The collector parses the encapsulated PlateSpin Orchestrate log event and performs normalization tasks before submitting it to the Sentinel event processing engine. These normalization tasks include mapping PlateSpin Orchestrate log levels to Sentinel numerical event severities and extracting event metadata.

Figure C-1 Simplified Architecture for PlateSpin Orchestrate Collector Integration

NOTE: Multiple PlateSpin Orchestrate Server instances can send syslog messages to a single Syslog Connector.
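The two parsing stages described above, sketched as an added example that is not part of the original documentation and is not the actual Sentinel collector code: stage 1 parses only the RFC 5424 header, and stage 2 normalizes the encapsulated event. The payload layout (`LEVEL text`), the level names, the 0-5 severity scale, and the host names are assumptions made for illustration.

```python
import re
# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
HEADER = re.compile(r"<(\d{1,3})>([1-9]\d{0,2}) (\S+) (\S+) (\S+) (\S+) (\S+) (.*)", re.S)

# ASSUMPTION: illustrative level names and 0-5 scale, not the collector's real table.
LEVEL_TO_SEVERITY = {"DEBUG": 0, "INFO": 1, "WARNING": 3, "ERROR": 4, "SEVERE": 5}

def split_sd(rest):
    """Split STRUCTURED-DATA ('-' or one or more [..] elements) from MSG."""
    if rest == "-" or rest.startswith("- "):
        return None, rest[2:]
    if not rest.startswith("["):
        raise ValueError("bad STRUCTURED-DATA")
    i, quoted = 0, False
    while i < len(rest):
        if quoted and rest[i] == "\\":
            i += 1                      # skip the escaped character inside a value
        elif rest[i] == '"':
            quoted = not quoted
        elif rest[i] == "]" and not quoted and rest[i + 1:i + 2] != "[":
            return rest[:i + 1], rest[i + 2:]
        i += 1
    raise ValueError("unterminated STRUCTURED-DATA")

def parse_syslog(line):
    """Stage 1 (event source server role): parse only the syslog header."""
    m = HEADER.fullmatch(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("not an RFC 5424 message")
    pri = int(m.group(1))
    sd, msg = split_sd(m.group(8))
    return {"facility": pri >> 3, "syslog_severity": pri & 7, "timestamp": m.group(3),
            "hostname": m.group(4), "app": m.group(5), "sd": sd, "msg": msg}

def normalize(record):
    """Stage 2 (collector role): map the level; unknown levels are flagged, not dropped."""
    level, _, text = record["msg"].partition(" ")   # ASSUMED payload: "LEVEL text"
    known = level in LEVEL_TO_SEVERITY
    return {"source": record["hostname"], "time": record["timestamp"],
            "severity": LEVEL_TO_SEVERITY.get(level, 3), "level_recognized": known,
            "message": text if known else record["msg"]}

# Constructed sample messages from two hypothetical servers sharing one connector.
SAMPLES = [
    '<134>1 2010-03-04T10:15:30Z orch1.example.com orchestrate 2311 - - INFO Job started',
    '<131>1 2010-03-04T10:15:31Z orch2.example.com orchestrate 877 - '
    '[meta@32473 note="a \\] b"] SEVERE Grid node lost',
]
EVENTS = [normalize(parse_syslog(s)) for s in SAMPLES]
```

Because several servers can share one connector, the HOSTNAME field from the syslog header is what lets each normalized event be traced back to the server that sent it.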