Skip to content

Deployment model

A typical LogSentinel SIEM deployment consists of three components:

  1. LogSentinel SIEM Server (SaaS or on-premise) - receiving, enriching and correlating data
  2. LogSentinel Collector (on-premise) - agentless collection appliance, supporting a wide range of source to collect logs from
  3. Optional lightweight endpoint agents (on-premise) - collecting system information, integrity information and logs from endpoints

The overall architecture looks as follows:

LogSentinel SIEM architecture