10.0 Installation Overview

The default Sentinel installation installs the following components in the Sentinel server:

  • Sentinel server and Web server processes: The Sentinel server process handles requests from other components of Sentinel and enables seamless functionality of the system. These requests include filtering data, processing search queries, and managing administrative tasks such as user authentication and authorization.

    The Sentinel Web server allows secure connection to the Sentinel Main interface.

  • PostgreSQL database: Sentinel has a built-in database that stores Sentinel configuration information, asset and vulnerability data, identity information, incident and workflow status, and so on.

  • MongoDB database: Stores the Security Intelligence and alerts data.

  • Elasticsearch: An optional data storage component that stores and indexes events and alerts for searching and visualization. By default, Sentinel includes an Elasticsearch node. If you expect a large EPS rate (more than 2500), you must deploy additional Elasticsearch nodes in a cluster.

  • Collector Manager: Collector Manager provides a flexible data collection point for Sentinel. The Sentinel installer installs a Collector Manager by default during installation.

  • Correlation Engine: Correlation Engine processes events from the real-time event stream to determine whether they should trigger any of the correlation rules.

  • Advisor: Advisor, powered by Security Nexus, is an optional data subscription service that provides device-level correlation between real-time events from intrusion detection and prevention systems and enterprise vulnerability scan results. For more information about Advisor, see Detecting Vulnerabilities and Exploits in the Sentinel Administration Guide.

  • Sentinel plug-ins: Sentinel supports a variety of plug-ins to expand and enhance system functionality. Some of these plug-ins are preinstalled. You can download additional plug-ins and updates from the Sentinel Plug-ins website. Sentinel plug-ins include the following:

    • Collectors

    • Connectors

    • Correlation rules and actions

    • Reports

    • iTRAC workflows

    • Solution packs