The default Sentinel installation installs the following components on the Sentinel server:
Sentinel server and Web server processes: The Sentinel server process handles requests from other Sentinel components and enables seamless functionality of the system. These requests include filtering data, processing search queries, and managing administrative tasks such as user authentication and authorization.
The Sentinel Web server allows secure connection to the Sentinel Main interface.
PostgreSQL database: Sentinel has a built-in database that stores Sentinel configuration information, asset and vulnerability data, identity information, incident and workflow status, Security Intelligence, alerts data, and so on.
OpenSearch: An optional data storage component that stores and indexes data. It indexes events and alerts for searching and visualization. By default, Sentinel includes an OpenSearch node. If you expect a high event rate, more than 2500 events per second (EPS), you must deploy additional OpenSearch nodes in a cluster.
Collector Manager: Collector Manager provides a flexible data collection point for Sentinel. The Sentinel installer installs a Collector Manager by default during installation.
Correlation Engine: Correlation Engine processes events from the real-time event stream to determine whether they should trigger any of the correlation rules.
Sentinel plug-ins: Sentinel supports a variety of plug-ins to expand and enhance system functionality. Some of these plug-ins are preinstalled. You can download additional plug-ins and updates from the Sentinel Plug-ins website. Sentinel plug-ins include the following:
Collectors
Connectors
Correlation rules and actions
Reports
iTRAC workflows
Solution packs