...
It automates incident response processes, reducing the time to detect and respond to security incidents. When a potential threat is detected, the solution automatically initiates incident response workflows, such as isolating the affected endpoint, blocking malicious traffic, and alerting security teams.
Device Information
Entity | Particulars |
---|---|
Vendor Name | SentinelOne |
Product Name | EDR (Alert) |
Type of Device | Hosted |
Collection Method
Log Type | Ingestion label | Preferred Logging Protocol - Format | Log collection method | Data Source |
---|---|---|---|---|
Sentinelone Alerts | SENTINELONE_ALERT | API - JSON | C2C | https://cloud.google.com/chronicle/docs/reference/feed-management-api#sentinelone-alert |
Device Configuration
Info |
---|
For log collection, the FQDN of your SentinelOne API and an API token from the customer are required; both are used in the sensor configuration. |
Steps to create an API token:
Prerequisite: A user in the device with the Viewer role assigned is required.
Log in to the Device Management Console, go to the top right corner, and click User Name -> My User.
...
A pop-up window is displayed in the browser.
Click Generate API Token.
Copy the API token.
...
Integration Parameters
Parameter Display Name | Default Value | Description |
---|---|---|
AUTHENTICATION HTTP HEADERS | N/A | The HTTP header used to authenticate SentinelOne Alerts/Threats & static-indicator API in "key:value" format. |
API HOSTNAME | N/A | The fully qualified domain name of your SentinelOne API. |
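The two parameters above are easy to get subtly wrong when they are typed into a feed form: the header must be a single "key:value" string, and the hostname must be a bare FQDN rather than a URL. The following helper is an added example, not part of this documentation or of SentinelOne's or Chronicle's own code. It splits the header spec on the first colon only (so a token that contains ':' is preserved), rejects a hostname that carries a scheme, port or path, and masks the token before anything is logged. The `Authorization:ApiToken ...` form in the sample and the hostname `s1-console.example.com` are constructed placeholders, not values taken from this page.

```python
"""Validation helpers for the SentinelOne alert feed parameters.

Added example; assumes the header is given as one "key:value" string and
the API hostname as a bare FQDN, as the parameter table describes.
"""
import re
from typing import Dict, Tuple

# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
_LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# RFC 7230 token characters permitted in an HTTP header field name.
_HEADER_NAME_RE = re.compile(r"[!#$%&'*+.^_`|~0-9A-Za-z-]+")


def parse_auth_header(spec: str) -> Tuple[str, str]:
    """Split a "key:value" header spec into (name, value).

    Only the first colon separates the halves, so a token value that itself
    contains ':' is kept intact. Surrounding whitespace is stripped.
    """
    if ":" not in spec:
        raise ValueError('header must be in "key:value" format')
    name, value = spec.split(":", 1)
    name, value = name.strip(), value.strip()
    if not name or not value:
        raise ValueError("header name and value must both be non-empty")
    if not _HEADER_NAME_RE.fullmatch(name):
        raise ValueError(f"invalid header name: {name!r}")
    return name, value


def validate_api_hostname(hostname: str) -> str:
    """Return the normalised hostname if it is a bare FQDN.

    A scheme ("https://"), a port (":443") or a path ("/web/api") means the
    value was pasted from a browser URL and would break the collector.
    """
    host = hostname.strip().rstrip(".")
    if "://" in host or "/" in host or ":" in host:
        raise ValueError("API hostname must be a bare FQDN without scheme, port or path")
    labels = host.split(".")
    if len(labels) < 2 or len(host) > 253 or not all(_LABEL_RE.match(lab) for lab in labels):
        raise ValueError(f"not a valid FQDN: {hostname!r}")
    return host.lower()


def redact(value: str, keep: int = 4) -> str:
    """Mask a secret for log output, keeping only its last few characters."""
    if len(value) <= keep:
        return "*" * len(value)
    return "*" * (len(value) - keep) + value[-keep:]


def build_feed_config(header_spec: str, hostname: str) -> Dict[str, str]:
    """Validate both parameters and return them in a collector-friendly shape."""
    name, value = parse_auth_header(header_spec)
    host = validate_api_hostname(hostname)
    return {
        "api_hostname": host,
        "auth_header_name": name,
        "auth_header_value": value,
        "base_url": f"https://{host}",
    }


if __name__ == "__main__":
    # Constructed sample values; the token is a placeholder, not a credential.
    cfg = build_feed_config(
        "Authorization:ApiToken EXAMPLE_TOKEN_abc123",
        "s1-console.example.com",
    )
    # Never print the raw token; log the redacted form instead.
    print({k: (redact(v) if k == "auth_header_value" else v) for k, v in cfg.items()})
```

Run the module directly to see the validated configuration with the token masked; wire `build_feed_config` into whatever script provisions the feed so that a URL pasted into the hostname field is rejected before the feed is created rather than after it silently fails to poll.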