When you configure your SentinelOne to send log data to USM Appliance, you can use the SentinelOne plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin.
| Device | Details |
|---|---|
| Vendor | SentinelOne |
| Device Type | Endpoint Security |
| Connection Type | Syslog |
| Data Source Name | sentinelone |
| Data Source ID | 1897 |
Integrating SentinelOne
Before you configure the SentinelOne integration, you must have the IP Address of the USM Appliance Sensor.
Note: The procedure below is for the SentinelOne on-premises Virtual Appliance.
To configure SentinelOne to send Syslog messages to USM Appliance
- From the SentinelOne Management Console, click Settings and open the INTEGRATIONS tab.
- Click the SYSLOG subtab.
- In the Host field, specify the USM Appliance Sensor IP Address : 514
- For the Threat information format option, select cef.
Plugin Enablement
For plugin enablement information, see Enable Plugins.
Additional Resources and Troubleshooting
For troubleshooting, see the vendor documentation.
Feedback