Sentinel comprises a broad spectrum of functionality, which caters to various needs of its many customers. You can choose a licensing model that fulfills your needs.
The Sentinel platform provides the following two licensing models:
Sentinel Enterprise: A full-featured solution that enables all the core, real-time visual analytics functions and many additional features. Sentinel Enterprise focuses on SIEM use cases such as real-time threat detection, alerting, and remediation.
Sentinel for Log Management: A solution for log management use cases such as the ability to collect, store, search, and report on data.
Sentinel for Log Management represents a substantial upgrade from the functionality provided in Sentinel Log Manager 1.2.2, and in some cases, significant parts of the architecture have changed. To plan your upgrade to Sentinel for Log Management, see the Sentinel FAQ page.
Depending on the solution(s) and add-ons you purchase, you can buy the appropriate license keys and entitlements to enable the right functionality within Sentinel. Though the license keys and entitlements govern basic access to product features and downloads, you should refer to your purchase agreement and the End-User License Agreement for additional terms and conditions.
The following table outlines the specific services and features available on each of the solutions:
Table 4-1 Sentinel Services and Features
|
Services and Features |
Sentinel Enterprise |
Sentinel for Log Management |
|---|---|---|
|
Core Functionality
|
Yes |
Yes |
|
Sentinel Link |
Yes |
Yes |
|
Data Synchronization |
Yes |
Yes |
|
Event data restoration from archive |
Yes |
Yes |
|
Data Federation (distributed search) |
Yes |
Yes |
|
Correlation
|
Yes |
No |
|
Security Intelligence
|
Yes |
No |