 |
You are here: Docs>Sheriff Web>UserGuides>SheriffCSMDocumentation>DeploymentGuide>PluginManagement>ConfigureLogForwardingOnCommonlyUsedDataSources>SentinelOne (30 Jun 2022, SheriffCyberSecurity)Edit Attach
Up
Previous Next Sheriff CSMâ„¢ SentinelOne When you configure SentinelOne to send log data to Sheriff CSM, you can use the SentinelOne plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin: Plugin Information
Previous Next Sheriff CSMâ„¢ SentinelOne When you configure SentinelOne to send log data to Sheriff CSM, you can use the SentinelOne plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin: Plugin Information
| Device | Details |
|---|---|
| Vendor | SentinelOne |
| Device Type | Endpoint Security |
| Connection Type | Syslog |
| Data Source Name | sentinelone |
| Data Source ID | 1897 |
Integrating SentinelOne
Before you configure the SentinelOne integration, you must have the IP Address of the Sheriff CSM Sensor (Deputy). Note: The procedure below is for the SentinelOne on-premises Virtual CSM. To configure SentinelOne to send Syslog messages to Sheriff CSM- From the SentinelOne Management Console, click Settings and open the INTEGRATIONS tab.
-
Click the SYSLOG subtab.
-
In the Host field, specify the Sheriff CSM Sensor IP Address : 514
- For the Threat information format option, select cef.
Plugin Enablement
For plugin enablement information, see Enable Plugins.Additional Resources and Troubleshooting
https://www.sentinelone.com/ For troubleshooting, see the vendor documentation.Edit | Attach | Print version | History: r6 < r5 < r4 < r3 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r6 - 30 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.