Collector Manager manages data collection, monitors system status messages, and performs event filtering. The main functions of Collector Manager include the following:
Collecting data through the use of Connectors.
Parsing and normalizing data through the use of Collectors.
Collectors collect the information from the Connectors and normalize it. They perform the following functions:
Receiving raw data from the Connectors.
Parsing and normalizing the data:
Translating event-source specific data into Sentinel specific data.
Enriching events by changing the information in the events in a format Sentinel can read.
Event-source specific filtering of events.
Adding business relevance to events through the mapping service:
Mapping events to Identities.
Mapping events to Assets.
Routing events.
Passing the normalized, parsed, and formatted data to the Collector Manager.
Sending health message to the Sentinel server.
For more information about Collectors, see the Sentinel Plug-ins website.
Connectors provide connections from the event sources to the Sentinel system.
Connectors provide the following functionalities:
Transportation of raw event data from the events sources to the Collector.
Connection-specific filtering.
Connection error handling.