Use the following checklist to plan, install, and configure Sentinel.
If you are upgrading from a previous version of Sentinel, do not use this checklist. For information about upgrading, see Section V, Upgrading Sentinel.
|
|
Tasks |
See |
|---|---|---|
|
|
Review the product architecture information to learn about Sentinel components. |
|
|
|
Review the Sentinel licensing information to determine whether you need to use the evaluation license or the enterprise license of Sentinel. |
|
|
|
Assess your environment to determine the hardware configuration. Ensure that the computers on which you install Sentinel and its components meet the specified requirements. |
|
|
|
Determine the type of deployment suitable for your environment based on the events per second (EPS). Determine the number of Collector Managers and Correlation Engines you need to install to improve performance and load balancing. |
|
|
|
Review the latest Sentinel release notes to understand the new functionality and the known issues. |
|
|
|
Install Sentinel. |
|
|
|
Configure Sentinel. |
|
|
|
Sentinel includes out-of-the-box correlation rules. Some correlation rules are configured by default, to execute an action that sends an email when the rule fires, such as the Notify Security Admin action. Therefore, you must configure the mail server settings in the Sentinel server by configuring the SMTP Integrator and the Send Email action. |
SMTP Integrator and Send Email action documentation on the Sentinel Plug-ins website. |
|
|
Install additional Collectors and Connectors as needed in your environment. |
Section 16.0, Installing Additional Collectors and Connectors. |
|
|
Install additional Collector Managers and Correlation Engines as needed in your environment. |