...
It automates incident response processes, reducing the time to detect and respond to security incidents. When a potential threat is detected, the solution automatically initiates incident response workflows, such as isolating the affected endpoint, blocking malicious traffic, and alerting security teams.
Device Information
| Entity | Particulars |
|---|---|
| Vendor Name | SentinelOne |
| Product Name | EDR (Alert) |
| Type of Device | Hosted |
Collection Method
| Log Type | Ingestion label | Preferred Logging Protocol - Format | Log collection method | Data Source |
|---|---|---|---|---|
| SentinelOne Alerts | SENTINELONE_ALERT | API - JSON | C2C | https://cloud.google.com/chronicle/docs/reference/feed-management-api#sentinelone-alert |
Device Configuration
| Info |
|---|
| For log collection, the FQDN of the customer's SentinelOne API and an API token key are required from the customer; both are used in the sensor configuration. |
...
A pop-up window will be displayed in the browser.
...
Click on Generate API Token.
Copy the API token.
...