SentinelOne
Endpoint security software that defends every endpoint against every type of attack, at every stage in the threat lifecycle.
Chronicle Data Types
- Alert
- EDR
Configuration - Syslog
CYDERES prefers that alerts be forwarded using SentinelOne's syslog integration.
- In the SentinelOne management console, navigate to Settings
- Select a Scope: All Sites (Global)
- In the Settings view, click Integrations
- Click SYSLOG
- If Syslog is not enabled, move the toggle to enable it
- In Host enter the hostname and port provided to you by CYDERES
- Select Use TLS secure connection. If you do not select this, syslog is sent over UDP by default
- In Formatting, select the log format: CEF2
- Click TEST
- If the test passed, click SAVE
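Once the console's TEST passes, the remaining question is what the collector actually receives: a TLS session carries whole lines, whereas the UDP default can drop or truncate datagrams and sends them in the clear. The following parser is an added example, not CYDERES or SentinelOne code. It implements the standard ArcSight CEF framing (a header of seven pipe-separated fields followed by a key=value extension) and assumes that SentinelOne's CEF2 output follows that framing; the sample lines, hostnames and extension field names are constructed for illustration.

```python
"""Added example, not CYDERES or SentinelOne code: parse and sanity-check
CEF lines as a syslog collector would receive them after the steps above.
Assumes SentinelOne's CEF2 output uses standard ArcSight CEF framing; all
sample lines and field values below are constructed."""
import re
from dataclasses import dataclass

CEF_MARKER = "CEF:"
# A key is a run of identifier characters at the start of the extension or
# after whitespace, immediately followed by an unescaped '='.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")
_TEXT_SEVERITIES = {"Low", "Medium", "High", "Very-High"}


class CefParseError(ValueError):
    """Raised when a line is not a well-formed CEF event."""


@dataclass
class CefEvent:
    version: str
    vendor: str
    product: str
    device_version: str
    signature_id: str
    name: str
    severity: str
    extension: dict


def _unescape(value: str) -> str:
    """Undo CEF escaping: backslash-pipe, backslash-equals, doubled
    backslash, and backslash-n / backslash-r."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            nxt = value[i + 1]
            out.append({"n": "\n", "r": "\r"}.get(nxt, nxt))
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def _split_header(body: str):
    """Split the seven header fields on unescaped '|'; return them plus the
    untouched extension text."""
    parts, buf, i = [], [], 0
    while i < len(body) and len(parts) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):   # keep escape pairs intact
            buf.append(body[i:i + 2])
            i += 2
        elif ch == "|":
            parts.append(_unescape("".join(buf)))
            buf = []
            i += 1
        else:
            buf.append(ch)
            i += 1
    if len(parts) < 7:
        raise CefParseError("incomplete CEF header (truncated line?)")
    return parts, body[i:]


def _parse_extension(ext: str) -> dict:
    ext = ext.strip()
    if not ext:
        return {}
    keys = list(_KEY_RE.finditer(ext))
    if not keys or keys[0].start(1) != 0:
        raise CefParseError("extension must start with key=value")
    fields = {}
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        fields[m.group(1)] = _unescape(ext[m.end():end].strip())
    return fields


def parse_cef(line: str) -> CefEvent:
    """Parse one syslog line; anything before 'CEF:' is the syslog header."""
    idx = line.find(CEF_MARKER)
    if idx < 0:
        raise CefParseError("no 'CEF:' marker after the syslog header")
    body = line[idx + len(CEF_MARKER):].rstrip("\r\n")
    header, ext = _split_header(body)
    severity = header[6]
    if not (severity in _TEXT_SEVERITIES
            or (severity.isdigit() and 0 <= int(severity) <= 10)):
        raise CefParseError(f"severity {severity!r} outside CEF range")
    return CefEvent(*header, _parse_extension(ext))


def triage(lines):
    """Parse each line; return (events, errors) so a collector test shows
    what was accepted and why the rest was rejected."""
    events, errors = [], []
    for n, line in enumerate(lines, 1):
        try:
            events.append(parse_cef(line))
        except CefParseError as exc:
            errors.append((n, str(exc)))
    return events, errors


# Constructed sample input: one good alert with escaped '|' and '=', one
# line cut off mid-header (how a truncated datagram looks), and one with an
# out-of-range severity.
SAMPLE_LINES = [
    r"<14>1 2024-01-01T00:00:00Z console - - - - CEF:0|SentinelOne|Mgmt|4.0|Threat|Malicious file \| quarantined|8|rt=1704067200000 suser=alice filePath=C:\\Users\\alice\\evil.exe act=kill msg=sha1\=abc123",
    r"<14>1 2024-01-01T00:00:01Z console - - - - CEF:0|SentinelOne|Mgmt",
    r"CEF:0|SentinelOne|Mgmt|4.0|Threat|Test|99|rt=1",
]

if __name__ == "__main__":
    ok, bad = triage(SAMPLE_LINES)
    for ev in ok:
        print(ev.name, ev.severity, ev.extension)
    for n, why in bad:
        print(f"line {n}: {why}")
```

Run it against a capture from the collector (one line per syslog message) in place of `SAMPLE_LINES`; a steady stream of "incomplete CEF header" errors is the usual sign that the TLS option was left off and messages are arriving as truncated UDP datagrams.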
Configuration - Deep Visibility
SentinelOne can provide full endpoint telemetry data from a feature called Deep Visibility/Hermes. SentinelOne provides a Kafka queue with the event data to which CYDERES can subscribe. More information can be found on their support page:
Once the Deep Visibility/Hermes license has been purchased, SentinelOne will provide the following:
- Kafka Topic Name
- Kafka Broker address
- Consumer Username
- Consumer Password
Gather Information
Provide the following information to CYDERES for implementation.
- Kafka Topic Name
- Kafka Broker address
- Consumer Username
- Consumer Password