27.0 Monitoring Sentinel Health

The Sentinel Health page provides information about the various Sentinel components, such as CPU utilization, processing, queue status, and garbage collection. The page enables you to assess the health of Sentinel and helps you identify the components that might be degrading overall Sentinel performance. To view the Sentinel Health page, go to Sentinel Web interface > Storage > Health tab.

The Component information section shows the CPU utilization of the various Sentinel components, expressed as a percentage of time. A high percentage of CPU utilization, such as more than 60%, might indicate a potential problem with the processing of that component. You can investigate further to troubleshoot the component and optimize Sentinel performance.

The General Information section provides information about data processing (events, alerts, and audit events), alert creation, queue status, garbage collection, and so on. Certain components of Sentinel are paired with a queue. While processing data, each such component stores incoming data in its corresponding queue. If a component is slow or unable to process the data, the data accumulates in the queue and the queue size increases. An increase in a component's queue size indicates a potential problem with processing in that component. Therefore, if Sentinel performance slows down, you can inspect the queue sizes in the General Information section to find the component causing the decrease in Sentinel performance, and then troubleshoot that component. For example, if Events queued for Correlation increases beyond 70%, it indicates a problem in the correlation rules evaluating the events. You can modify the correlation rules accordingly.
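
The following added example (not part of the Sentinel documentation or product) applies the reasoning above to readings noted from the Health page at a fixed interval: it flags a component when its queue is above the 70% example threshold, when its queue keeps growing, or when its CPU stays above the 60% example threshold. The readings, the two hypothetical component names, and the min_growth parameter are assumptions constructed for illustration.

```python
from statistics import mean

CPU_WARN_PCT = 60.0    # the page's example of high CPU utilization
QUEUE_WARN_PCT = 70.0  # the page's example for Events queued for Correlation

# Constructed readings (percent, oldest first), as if noted by hand from the
# Health page. Only the correlation queue name comes from the page.
SAMPLES = {
    "Events queued for Correlation": {"cpu": [48, 55, 63, 66, 71],
                                      "queue": [22, 35, 51, 64, 78]},
    "Hypothetical component A": {"cpu": [72, 30, 28, 31, 29],
                                 "queue": [40, 12, 5, 4, 6]},
    "Hypothetical component B": {"cpu": [20, 22, 21, 19, 23],
                                 "queue": [10, 18, 27, 39, 48]},
}

def slope(values):
    """Least-squares slope, in percentage points per sampling interval."""
    n = len(values)
    if n < 2:
        return 0.0
    x_mean, y_mean = (n - 1) / 2, mean(values)
    num = sum((x - x_mean) * (y - y_mean) for x, y in enumerate(values))
    den = sum((x - x_mean) ** 2 for x in range(n))
    return num / den

def triage(samples, cpu_warn=CPU_WARN_PCT, queue_warn=QUEUE_WARN_PCT,
           min_growth=2.0):
    """Return (component, queue growth, reasons), fastest-growing queue first."""
    findings = []
    for name, s in samples.items():
        reasons = []
        growth = slope(s["queue"])
        if s["queue"][-1] > queue_warn:
            reasons.append("queue above threshold")
        if growth >= min_growth:
            # A queue that keeps filling means the component consumes data
            # more slowly than it arrives, even before the threshold is hit.
            reasons.append("queue growing")
        if mean(s["cpu"][-3:]) > cpu_warn:
            reasons.append("sustained high CPU")
        if reasons:
            findings.append((name, round(growth, 1), reasons))
    return sorted(findings, key=lambda f: f[1], reverse=True)

if __name__ == "__main__":
    for name, growth, reasons in triage(SAMPLES):
        print(f"{name}: {', '.join(reasons)} ({growth:+.1f} pts/interval)")
```

Component A is not reported: its single early CPU and queue spike drained on its own, whereas component B is reported on trend alone although it is still below 70%.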