Correlation Engine |
Sentinel |
java |
Receives events from the Collector Manager and publishes correlated events based on user-defined correlation rules. |
Network access
File read access to:
- ESEC_HOME/config
- ESEC_HOME/lib
- ESEC_HOME/jre
File write access to:
- ESEC_HOME/data
- ESEC_HOME/log
|
It communicates over the network with iSCALE for configuration, event processing, and correlated event generation.
It reads local configuration files and uses the java executable.
It writes log files and caches data in the local file system. |