Architecture

To provide comprehensive security coverage, a log ingestion platform must be both flexible in how it collects data and intelligent in how it processes it. The SenseOn architecture is built on these principles. This document outlines the deployment models available for bringing data into the platform from across your entire digital estate. It then explains the tiered Log Pipelines, which ensure each log is processed cost-effectively and according to its security value: simple storage, immediate alerting, or deep contextual enrichment.

Deployment Models

To accommodate the diverse nature of modern IT environments, from cloud APIs to legacy on-premises systems, SenseOn offers three flexible deployment models. Each model is designed to solve a different collection challenge, and they can be mixed and matched to create a tailored ingestion solution. This ensures that no matter where a log source resides or how it transmits data, it can be seamlessly integrated into the platform.

  • Receive. The simplest deployment, where you send logs over the Internet to a log sink managed by SenseOn.
  • Relay. A log collector deployed within your estate that can transform and filter logs before forwarding them to SenseOn.
  • Retrieve. SenseOn accesses logs that are stored in another system, such as an S3 or other object storage bucket.

Receive

Sending your logs to SenseOn is the easiest deployment approach. You simply reconfigure log destinations to point to a SenseOn-managed receiver. This means you can see immediate value, with data flowing within minutes of configuration.

It also means you have no new infrastructure to configure or manage, as SenseOn will manage the entire log ingestion pipeline using the technologies and approaches which suit you. SenseOn can receive data over any standard log transport protocol or method, including Syslog, OpenTelemetry, Filebeat, or cloud-native pipelines such as the AWS Kinesis Data Firehose.

Relay

The relay mode is recommended for high-volume deployments, such as when monitoring containerised workloads or when additional pre-filtering is required to reduce transmission or storage costs.

In relay mode, one or more log forwarders are set up and managed by you within your environment. This may be required for security compliance purposes, as data is transformed or filtered within your boundary. Optionally, an existing SenseOn network probe can be configured as a log forwarder.

Retrieve

SenseOn can pull in logs from any location. This is most commonly used for API-only data sources which do not transport logs natively. Retrieve data sources should only be used when no alternative exists. SenseOn professional services will build the integration needed to ingest these logs and manage the infrastructure required. This is a premium service for unique requirements.

Log Pipelines

SenseOn offers three log pipelines, each designed to deliver a different level of processing and analysis based on the log's importance and intended use. This tiered approach ensures that high-value logs receive the attention they deserve, while less critical logs are stored efficiently for future reference.

💡 Note: Logs can be sent to multiple pipelines simultaneously if needed, allowing for flexible data handling and better cost management. For example, logs can be retained for compliance in long-term archival storage while also being analysed for threat detection over a shorter period.

Detection & Response

High-value logs are actively analysed and correlated across your environment to detect threats and generate intelligent alerts, enabling rapid security response.

Observability

Logs are stored in warm, queryable storage for visualisation, search, and investigation.

Compliance

Long-term immutable archival storage maintains logs in their original format for auditing, regulatory requirements, and historical retrieval.