Deployment model
A typical LogSentinel SIEM deployment consists of three components:
- LogSentinel SIEM Server (SaaS or on-premise) - receiving, enriching and correlating data
- LogSentinel Collector (on-premise) - agentless collection appliance, supporting a wide range of sources to collect logs from
- Optional lightweight endpoint agents (on-premise) - collecting system information, integrity information and logs from endpoints
The overall architecture looks as follows: