2.0 How Sentinel Works

Gathers logs, events, and security information from all of the different event sources in your IT environment.

Normalizes the collected logs, events, and security information into a common format.

Stores events in a file-based data store with flexible, customizable data retention policies.

Provides the ability to hierarchically link multiple Sentinel systems, including Sentinel Log Manager.

Allows you to search for events not only on your local Sentinel server, but also on other Sentinel servers distributed across the globe.

Performs a statistical analysis that allows you define a baseline and then compares it to what is occurring to determine if there are unseen problems.

Correlates a set of similar or comparable events in a given period to determine a pattern.

Organizes events into incidents for efficient response management and tracking.

Provides reports based on real time and historical events.

Section 2.1, Event Sources

Section 2.2, Sentinel Event

Section 2.3, Collector Manager

Section 2.4, Agent Manager

Section 2.5, Correlation

Section 2.6, Security Intelligence

Section 2.7, Incident Remediation

Section 2.8, iTrac Workflows

Section 2.9, Actions and Integrators

Section 2.10, Reports

Section 2.11, Event Analysis

Section 2.12, Sentinel Data Routing and Storage