A.2 Functional Architecture

Sentinel Rapid Deployment is composed of the following component subsystems, which form the core of the functional architecture:

Table A-1 Sentinel Rapid Deployment Components (each entry gives the component name, followed by its description)

Sentinel Rapid Deployment Server

The Sentinel Rapid Deployment server runs the core back-end components of the software. A number of subcomponents perform its key functions:

  • ActiveMQ Message Bus: The JMS-based message bus over which the other components communicate with each other.

  • Data Access Services (DAS): Data storage, query, display, and processing components.

  • Correlation Engine: Performs real-time event analysis.

  • iTRAC: A role-based incident-response workflow engine.

  • Jasper Reporting Engine: Open source reporting engine.

Event Source Management (ESM)

An extensible framework built to manage and monitor the connections between Sentinel and third-party event sources by using Sentinel Connectors and Sentinel Collectors.

In addition to ESM, a number of subcomponents are hosted by a distributable service called the Collector Manager. This service can be installed on several systems to balance the processing load or to scale out. The data collection components are downloaded from the Novell Sentinel Content page and installed on the Collector Managers through the central ESM interface.

Event Source

An event source can be a device, an operating system, a database, or an application. Each event source is represented in ESM and can be configured with descriptive metadata.

Connector

Connectors handle the protocol-level communication with the event source, for example over JDBC, Syslog, WMI, or file reads.

Collectors

Collectors are used to parse data from a specific event source and normalize the data into Sentinel's standard event schema.

Advisor

A vulnerability and attack information service that helps you improve your security posture. For example, the Exploit Detection feature of Advisor reduces false positives from intrusion detection systems.

Solution Packs

The Solution Pack framework provides the ability to group various types of content, such as reports, rules, data enrichment, remediation actions, and workflows. The content is grouped into a familiar control framework. Solution Packs can be built around specific business issues like PCI compliance, and partners can extend and customize them for industry-specific solutions.

User Applications

Sentinel includes the following three key user applications:

  • Sentinel Control Center (SCC)

    The SCC interface includes the Event Source Management and Solution Manager interfaces.

  • Solution Designer, which is used to create Solution Packs.

  • Sentinel Database Manager

Collector Builder

The Collector Builder is an IDE-like tool that helps you develop new Collectors from scratch in the proprietary Collector language. Sentinel Rapid Deployment also lets you develop Collectors in JavaScript by using third-party tools such as Eclipse.

PostgreSQL Server

Sentinel requires a back-end database to store its data. Sentinel Rapid Deployment uses a PostgreSQL database that is installed as part of the Sentinel Rapid Deployment installation and is created with all the required schema.

Tomcat Server

Hosts the report generation and event search features of the Web UI, and allows the Sentinel applications to be launched and installed through the Web interface.
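The Connector, Collector and Collector Builder entries above describe a pipeline in which a Connector delivers raw records over some protocol and a JavaScript Collector parses them and normalizes them into the standard event schema. The following is an added illustration of that division of labour, written for this appendix and not taken from Sentinel or its Collector SDK: the raw Syslog lines are constructed sample input standing in for what a Syslog Connector would hand over, and the output field names (`eventName`, `initiatorUser`, `sourceIp`, and so on) are an assumed generic schema, because the real Sentinel event schema is not defined on this page.

```javascript
// Added example, not Sentinel's own code. Demonstrates the Collector role:
// take raw records from a Connector, parse them, and emit normalized events.
// Field names in the emitted events are an assumed generic schema.

// Constructed sample input: three lines as a Syslog Connector might deliver
// them (two RFC 3164 style sshd records and one line that is not syslog).
const RAW_SYSLOG_LINES = [
  "<34>Mar  9 10:15:02 fw01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
  "<86>Mar  9 10:15:05 fw01 sshd[2231]: Accepted password for alice from 198.51.100.4 port 51030 ssh2",
  "this line is not syslog at all",
];

const SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"];

// RFC 3164 layout: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
const SYSLOG_RE = /^<(\d{1,3})>([A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) ([^:\[\s]+)(?:\[(\d+)\])?: (.*)$/;

// Protocol-level parse: split the syslog envelope from the message body.
// Returns null for anything that is not a well-formed syslog line.
function parseSyslog(line) {
  const m = SYSLOG_RE.exec(line);
  if (!m) return null;
  const pri = Number(m[1]);
  if (pri > 191) return null; // PRI = facility*8 + severity, max 23*8 + 7
  return {
    facility: Math.floor(pri / 8),
    severity: pri % 8,
    timestamp: m[2],
    host: m[3],
    tag: m[4],
    pid: m[5] ? Number(m[5]) : null,
    message: m[6],
  };
}

// Source-specific parse for sshd authentication messages.
const SSHD_AUTH_RE = /^(Accepted|Failed) (\w+) for (?:invalid user )?(\S+) from (\S+) port (\d+)/;

function normalizeSshd(parsed) {
  const m = SSHD_AUTH_RE.exec(parsed.message);
  if (!m) return null;
  const ok = m[1] === "Accepted";
  return {
    eventName: ok ? "Authentication Succeeded" : "Authentication Failed",
    outcome: ok ? "success" : "failure",
    authMethod: m[2],
    initiatorUser: m[3],
    sourceIp: m[4],
    sourcePort: Number(m[5]),
  };
}

// Normalize one raw line into the assumed event schema. Lines the Collector
// cannot parse are emitted as "Unparsed Event" rather than dropped, so that
// parsing gaps stay visible to the analyst instead of silently losing data.
function collect(line) {
  const base = parseSyslog(line);
  if (!base) {
    return { eventName: "Unparsed Event", outcome: "unknown", rawMessage: line, parsed: false };
  }
  const event = {
    eventName: "Generic Syslog Event",
    outcome: "unknown",
    sensorHost: base.host,
    sourceProcess: base.tag,
    sourcePid: base.pid,
    syslogFacility: base.facility,
    severityName: SEVERITY_NAMES[base.severity],
    deviceTime: base.timestamp,
    rawMessage: line,
    parsed: true,
  };
  const sshd = base.tag === "sshd" ? normalizeSshd(base) : null;
  if (sshd) Object.assign(event, sshd);
  return event;
}

// Process a batch of raw records, as a Collector Manager would feed them in.
function collectAll(lines) {
  return lines.map(collect);
}

console.log(JSON.stringify(collectAll(RAW_SYSLOG_LINES), null, 2));
```

The split between `parseSyslog` (the envelope every Syslog source shares) and `normalizeSshd` (knowledge specific to one event source) mirrors the Connector and Collector boundary the table describes: a new event source over the same protocol needs only a new source-specific normalizer, not a new transport. Keeping unparsable lines as flagged events rather than discarding them is the behaviour to look for when reviewing any Collector, since a silently dropped record is a detection gap nobody will notice.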