Up
Previous Next

Sheriff CSMâ„¢

SentinelOne

When you configure SentinelOne to send log data to Sheriff CSM, you can use the SentinelOne plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information
DeviceDetails
Vendor SentinelOne
Device Type Endpoint Security
Connection Type Syslog
Data Source Name sentinelone
Data Source ID 1897

Integrating SentinelOne

Before you configure the SentinelOne integration, you must have the IP Address of the Sheriff CSM Sensor (Deputy).

Note: The procedure below is for the SentinelOne on-premises Virtual CSM.

To configure SentinelOne to send Syslog messages to Sheriff CSM
  1. From the SentinelOne Management Console, click Settings and open the INTEGRATIONS tab.
  2. Click the SYSLOG subtab.

  3. In the Host field, specify the Sheriff CSM Sensor IP Address : 514

  4. For the Threat information format option, select cef.

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://www.sentinelone.com/

For troubleshooting, see the vendor documentation.
Topic revision: r6 - 30 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.