Deployment model

A typical LogSentinel SIEM deployment consists of three components:

1. LogSentinel SIEM Server (SaaS or on-premise) - receiving, enriching and correlating data
2. LogSentinel Collector (on-premise) - agentless collection appliance, supporting a wide range of source to collect logs from
3. Optional lightweight endpoint agents (on-premise) - collecting system information, integrity information and logs from endpoints

The overall architecture looks as follows: