Collector Manager |
Sentinel |
java
agentengine (child process) |
Manages Connectors and Collectors. It spawns an agentengine process for each Collector it manages. Collector Manager also publishes system status messages, performs global filtering of events, and performs referential mappings. The agentengine process runs as an interpreter for Collector scripts, which normalize unprocessed (raw) events from security devices and systems, producing event, vulnerability, and asset data that Sentinel can analyze and store in its database. |
Network access (both outgoing access and local access to bind to ports greater than 1024)
File read access to:
- ESEC_HOME/config
- ESEC_HOME/lib
- ESEC_HOME/jre
File write access to:
- ESEC_HOME/data
- ESEC_HOME/log
NOTE: Additionally, it will need access to other resources depending on which Connectors it is configured to run and which Event Sources it is connecting to. Please refer to the individual Connector documentation for any additional permission requirements.
|
It communicates with iSCALE for configuration, event processing, and mapping data.
It reads local configuration files and uses the java executable.
It writes log files and caches data in the local file system. |
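
The file access list above can be checked on a host with a short script. This is an added example, not part of the Sentinel documentation or tooling: the function name `audit_esec_home` is hypothetical, and reporting write access on the read-only directories as excess is a least-privilege assumption, not a requirement stated in the table.

```shell
#!/bin/sh
# Added example: audit an ESEC_HOME tree against the access list in the table.
# Run it as the account that runs Collector Manager, because test -r/-w/-x
# evaluate access for the calling user.

READ_DIRS="config lib jre"   # read access required (from the table)
WRITE_DIRS="data log"        # write access required (from the table)

# audit_esec_home DIR  (hypothetical helper)
# Prints one line per finding. Returns 0 when all required access is present
# and 1 when something required is missing. Write access to a directory that
# only needs read access is reported as EXCESS (assumption: least privilege)
# but does not fail the audit.
audit_esec_home() {
    home=$1
    missing=0
    for d in $READ_DIRS; do
        p="$home/$d"
        if [ ! -d "$p" ] || [ ! -r "$p" ] || [ ! -x "$p" ]; then
            echo "MISSING read  $p"
            missing=$((missing + 1))
        elif [ -w "$p" ]; then
            echo "EXCESS  write $p"
        fi
    done
    for d in $WRITE_DIRS; do
        p="$home/$d"
        if [ ! -d "$p" ] || [ ! -w "$p" ] || [ ! -x "$p" ]; then
            echo "MISSING write $p"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Audit the real installation only when ESEC_HOME is set in the environment.
if [ -n "${ESEC_HOME:-}" ]; then
    audit_esec_home "$ESEC_HOME" || echo "required access missing under $ESEC_HOME"
fi
```

The script covers only the five directories named in the table; any additional resources required by individual Connectors need their own checks.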