The Sentinel installation installs the following components on the Sentinel server:
Sentinel server process: This is the primary component of Sentinel. The Sentinel server process processes requests from other components of Sentinel and enables seamless functionality of the system. The Sentinel server process handles requests, such as filtering data, processing search queries, and managing administrative tasks that include user authentication and authorization.
Web server: Sentinel uses Jetty as its Web server to allow secure connection to the Sentinel Web interface.
PostgreSQL database: Sentinel has a built-in database that stores Sentinel configuration information, asset and vulnerability data, identity information, incident and workflow status, and so on.
MongoDB database: Stores the Security Intelligence data.
Collector Manager: Collector Manager provides a flexible data collection point for Sentinel. The Sentinel installer installs a Collector Manager by default during installation.
Correlation Engine: Correlation Engine processes events from the real-time event stream to determine whether they should trigger any of the correlation rules.
Advisor: Advisor, powered by Security Nexus, is an optional data subscription service that provides device-level correlation between real-time events from intrusion detection and prevention systems and enterprise vulnerability scan results. For more information about Advisor, see "Configuring Advisor" in the NetIQ Sentinel 7.1 Administration Guide.
Sentinel plug-ins: Sentinel supports a variety of plug-ins to expand and enhance system functionality. Some of these plug-ins are preinstalled. You can download additional plug-ins and updates from the Sentinel Plug-ins Web site. Sentinel plug-ins include the following:
Collectors
Connectors
Correlation rules and actions
Reports
iTRAC workflows
Solution packs
Sentinel has a highly scalable architecture, and if high event rates are expected, you can distribute components across several machines to achieve the best performance for the system. Independent scaling of components provides cost‐effective scalability and performance.