Sentinel continuously manages security information and events throughout your IT environment to provide a complete monitoring solution.
Sentinel does the following:
Gathers logs, events, and security information from all of the different event sources in your IT environment.
Normalizes the collected logs, events, and security information into a common format.
Stores events in a file-based data store with flexible, customizable data retention policies.
Provides the ability to hierarchically link multiple Sentinel systems, including Sentinel Log Manager.
Allows you to search for events not only on your local Sentinel server, but also on other Sentinel servers distributed across the globe.
Performs a statistical analysis that allows you to define a baseline and then compares it to what is currently occurring to determine whether there are unseen problems.
Correlates a set of similar or comparable events in a given period to determine a pattern.
Organizes events into incidents for efficient response management and tracking.
Provides reports based on real-time and historical events.
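To make three of the listed steps concrete (normalizing events from different sources into a common format, correlating similar events within a period, and comparing activity against a baseline), here is a small added illustration in Python. It is not Sentinel's own code and does not use Sentinel's event schema: the field names of the common format, the regular expressions, and all log lines are constructed for this example.

```python
"""Added illustration (not Sentinel code) of normalization, time-window
correlation, and baseline comparison over constructed sample log lines.
The common-format field names below are an assumption for this example."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample input from two different event sources (sshd and a firewall).
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z sshd[4021]: Failed password for root from 198.51.100.7 port 51234 ssh2",
    "2024-05-01T10:00:09Z sshd[4021]: Failed password for root from 198.51.100.7 port 51240 ssh2",
    "2024-05-01T10:00:15Z sshd[4021]: Failed password for admin from 198.51.100.7 port 51251 ssh2",
    "2024-05-01T10:00:20Z sshd[4021]: Accepted password for alice from 203.0.113.5 port 40022 ssh2",
    "2024-05-01T10:00:25Z fw: action=DROP src=198.51.100.7 dst=10.0.0.12 dport=445",
    "2024-05-01T10:00:31Z fw: action=DROP src=198.51.100.7 dst=10.0.0.13 dport=445",
    "2024-05-01T10:05:00Z sshd[4021]: Failed password for bob from 203.0.113.9 port 40100 ssh2",
]

SSH_RE = re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
                    r"(?P<user>\S+) from (?P<src>\S+)")
FW_RE = re.compile(r"^(?P<ts>\S+) fw: action=(?P<action>\w+) src=(?P<src>\S+) "
                   r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def normalize(line):
    """Map one raw line onto the common event format (assumed field names)."""
    m = SSH_RE.match(line)
    if m:
        return {"ts": datetime.strptime(m["ts"], TS_FMT), "source": "sshd",
                "event": "auth_failure" if m["result"] == "Failed" else "auth_success",
                "src_ip": m["src"], "user": m["user"]}
    m = FW_RE.match(line)
    if m:
        return {"ts": datetime.strptime(m["ts"], TS_FMT), "source": "firewall",
                "event": "conn_denied" if m["action"] == "DROP" else "conn_allowed",
                "src_ip": m["src"], "dst_ip": m["dst"], "dst_port": int(m["dport"])}
    return None  # unknown format: excluded from the normalized stream


def normalize_all(lines):
    """Normalize a batch of raw lines, dropping anything no parser recognizes."""
    return [e for e in (normalize(line) for line in lines) if e]


def correlate(events, event_name, key, threshold, window_seconds):
    """Return the key values (e.g. source IPs) that produced at least
    `threshold` events of type `event_name` inside a sliding time window."""
    window = timedelta(seconds=window_seconds)
    per_key = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["event"] == event_name:
            per_key[e[key]].append(e["ts"])
    hits = set()
    for k, times in per_key.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                hits.add(k)
                break
    return hits


def baseline_deviation(events, baseline_per_minute, factor=3.0):
    """Compare observed per-minute event counts to a baseline rate and
    return the minutes (ISO strings) whose count exceeds baseline * factor."""
    per_minute = Counter(e["ts"].replace(second=0) for e in events)
    return sorted(m.isoformat() for m, n in per_minute.items()
                  if n > baseline_per_minute * factor)


if __name__ == "__main__":
    events = normalize_all(SAMPLE_LOGS)
    print("normalized events:", len(events))
    print("repeated auth failures:", correlate(events, "auth_failure", "src_ip", 3, 60))
    print("repeated denied connections:", correlate(events, "conn_denied", "src_ip", 2, 60))
    print("minutes above baseline:", baseline_deviation(events, baseline_per_minute=1.0))
```

The correlation rule is a plain sliding window keyed on one field; a SIEM applies the same idea with many more fields, rule types, and retention-aware storage, but the normalized common format is what makes a rule like "three failures from one source within 60 seconds" applicable to events from any source.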
The following figure illustrates how Sentinel works:
Figure 2-1 Sentinel Architecture
The following sections describe Sentinel components in detail: