10.0 Installation Overview

The default Sentinel installation installs the following components on the Sentinel server:

  • Sentinel server process: This is the primary component of Sentinel. It services requests from the other Sentinel components, such as filtering data, processing search queries, and performing administrative tasks, including user authentication and authorization, so that the system operates as a whole.

  • Web server: Sentinel uses Jetty as its Web server to provide secure connections to the Sentinel Main interface.

  • PostgreSQL database: Sentinel has a built-in database that stores Sentinel configuration information, asset and vulnerability data, identity information, incident and workflow status, and so on.

  • MongoDB database: Stores the Security Intelligence data.

  • Collector Manager: Collector Manager provides a flexible data collection point for Sentinel. The Sentinel installer installs one Collector Manager on the Sentinel server by default.

  • NetFlow Collector Manager: The NetFlow Collector Manager collects network flow data (NetFlow, IPFIX, and so on) from network devices such as routers, switches, and firewalls. Network flow data describes basic information about all network connections between hosts including packets and bytes transmitted, which helps you visualize the behavior of individual hosts or the entire network.

  • Correlation Engine: Correlation Engine processes events from the real-time event stream to determine whether they should trigger any of the correlation rules.

  • Advisor: Advisor, powered by Security Nexus, is an optional data subscription service that provides device-level correlation between real-time events from intrusion detection and prevention systems and the results of enterprise vulnerability scans. For more information about Advisor, see Detecting Vulnerabilities and Exploits in the NetIQ Sentinel Administration Guide.

  • Sentinel plug-ins: Sentinel supports a variety of plug-ins to expand and enhance system functionality. Some of these plug-ins are preinstalled. You can download additional plug-ins and updates from the Sentinel Plug-ins website. Sentinel plug-ins include the following:

    • Collectors

    • Connectors

    • Correlation rules and actions

    • Reports

    • iTRAC workflows

    • Solution packs

  • Visualization dashboards: Sentinel leverages Kibana, a browser-based analytics and search dashboard that helps you search, visualize, and analyze data. By default, Sentinel provides customizable visualization dashboards that help you view and analyze events and alerts in detail.
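The Correlation Engine entry above says only that events from the real-time stream are checked against correlation rules. The following is an added example, not Sentinel's own code or its rule language, that shows the mechanism in miniature: a sliding-window threshold rule (many failed logins from one source) and a sequence rule (a success that follows a failure for the same user) evaluated over a constructed event stream. Event field names, rule parameters and the sample events are all assumptions made for this illustration.

```python
"""Minimal correlation engine over a real-time event stream.

Added illustration, not Sentinel's own code: each incoming event is
evaluated against every rule and a correlated alert is emitted when a
rule's condition holds. Field names, rule semantics and sample events
are constructed for this example.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Event:
    ts: int        # seconds since epoch (constructed)
    name: str      # constructed event name, e.g. "Authentication Failed"
    src_ip: str
    user: str


@dataclass
class ThresholdRule:
    """Fire when `threshold` matching events share a group key within
    `window` seconds. The group is reset after firing so one burst yields
    one alert instead of one alert per additional event."""
    name: str
    match_event: str
    group_by: str          # Event attribute to group on, e.g. "src_ip"
    threshold: int
    window: int
    _buckets: dict = field(default_factory=lambda: defaultdict(deque))

    def evaluate(self, ev):
        if ev.name != self.match_event:
            return None
        key = getattr(ev, self.group_by)
        q = self._buckets[key]
        q.append(ev.ts)
        while q and ev.ts - q[0] > self.window:   # expire old timestamps
            q.popleft()
        if len(q) >= self.threshold:
            q.clear()
            return {"rule": self.name, self.group_by: key,
                    "count": self.threshold, "ts": ev.ts}
        return None


@dataclass
class SequenceRule:
    """Fire when `second` is seen for a group key within `window` seconds
    after `first` was last seen for the same key."""
    name: str
    first: str
    second: str
    group_by: str
    window: int
    _last_first: dict = field(default_factory=dict)

    def evaluate(self, ev):
        key = getattr(ev, self.group_by)
        if ev.name == self.first:
            self._last_first[key] = ev.ts
        elif ev.name == self.second:
            t0 = self._last_first.pop(key, None)
            if t0 is not None and ev.ts - t0 <= self.window:
                return {"rule": self.name, self.group_by: key,
                        "after_seconds": ev.ts - t0, "ts": ev.ts}
        return None


class CorrelationEngine:
    def __init__(self, rules):
        self.rules = list(rules)
        self.alerts = []

    def process(self, ev):
        """Evaluate one event against all rules; returns alerts raised by it."""
        raised = [hit for hit in (r.evaluate(ev) for r in self.rules) if hit]
        self.alerts.extend(raised)
        return raised


def run_sample():
    """Run a constructed stream through two rules and return all alerts."""
    engine = CorrelationEngine([
        ThresholdRule("5 failed logins from one IP in 60s",
                      "Authentication Failed", "src_ip", threshold=5, window=60),
        SequenceRule("success after failure for same user",
                     "Authentication Failed", "Authentication Succeeded",
                     "user", window=300),
    ])
    stream = [Event(100 + i, "Authentication Failed", "10.0.0.5", "alice")
              for i in range(5)]                       # burst -> threshold alert
    stream.append(Event(110, "Authentication Failed", "10.0.0.9", "bob"))   # below threshold
    stream.append(Event(120, "Authentication Succeeded", "10.0.0.5", "alice"))  # sequence alert
    stream.append(Event(500, "Authentication Failed", "10.0.0.5", "alice"))  # window reset, no alert
    for ev in stream:
        engine.process(ev)
    return engine.alerts


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Both rules keep per-key state in memory, which is the property a real engine has to manage: the threshold rule expires timestamps as the window slides, and the sequence rule drops its stored "first" event once it is consumed, so a single failure cannot pair with two later successes.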