Endpoint security software that defends every endpoint against every type of attack, at every stage in the threat lifecycle.
Chronicle Data Types & Collection Method
|SENTINELONE_DV||Kafka Queue Subscription|
- API token
- Management URL (The management URL will usually be in the format https://organisation_name.sentinelone.net/web)
- Confirm API version (usually 2.1)
Configuring Endpoint Detection & Response (EDR)
Obtain an API token from SentinelOne for a new user with appropriate permissions levels.
The API access key can be generated in the SentinelOne dashboard.
- Click My User, top right of screen.
2. Click on Generate API token.
3. Copy or Click Download and save the API token.
Configuring SentinelOne Alerts in Chronicle
- After copying the details and the blob service URI, Open Chronicle and select FEEDS in settings option.
2. Select source type and Log type as mentioned below and click NEXT.
3. Paste the Authorization and API Hostname in the blanks.
4. Click Submit