Sheriff CSM™
SentinelOne
When you configure SentinelOne to send log data to Sheriff CSM, you can use the SentinelOne plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:
Plugin Information

| Device | Details |
| --- | --- |
| Vendor | SentinelOne |
| Device Type | Endpoint Security |
| Connection Type | Syslog |
| Data Source Name | sentinelone |
| Data Source ID | 1897 |

Integrating SentinelOne
Before you configure the SentinelOne integration, you must have the IP Address of the Sheriff CSM Sensor (Deputy).
Note: The procedure below is for the SentinelOne on-premises Virtual CSM.

To configure SentinelOne to send Syslog messages to Sheriff CSM

1. From the SentinelOne Management Console, click Settings and open the INTEGRATIONS tab.
2. Click the SYSLOG subtab.
3. In the Host field, specify the Sheriff CSM Sensor IP address and port in the form <Sensor IP address>:514.
4. For the Threat information format option, select cef.
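
The following Python example is added here and is not Sheriff CSM plugin code or SentinelOne code. It parses a CEF record as it would arrive over Syslog once the cef format is selected, including the escaped `\|`, `\=` and `\\` sequences that a plain split on pipes or spaces mishandles. The sample line, its field names and its values are constructed for illustration.

```python
import re

HEADER = ("version", "device_vendor", "device_product", "device_version",
          "event_class_id", "name", "severity")
# key=value pairs; a value runs until the next " key=" or end of line,
# and may contain escaped characters such as \= and \\.
EXT_PAIR = re.compile(r"(\w+)=((?:\\.|[^\\=])*)(?=\s+\w+=|\s*$)")

# Constructed sample line (values are illustrative, not real SentinelOne output).
SAMPLE = (r"<14>Jan 10 12:00:00 s1-console CEF:0|SentinelOne|Mgmt|1.0|100|"
          r"Threat \| quarantined|8|src=10.0.0.5 "
          r"fileName=C:\\Users\\a\\x.exe msg=rule a\=b matched")


def unescape(value):
    """Resolve CEF escapes: \\n becomes a newline, \\X becomes X."""
    return re.sub(r"\\(.)", lambda m: "\n" if m.group(1) == "n" else m.group(1), value)


def split_header(body):
    """Split the seven pipe-delimited header fields, honouring \\| and \\\\."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER):
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):
            cur.append(body[i + 1])  # escaped character is taken literally
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) < len(HEADER) and cur:
        fields.append("".join(cur))  # header with no trailing pipe
    return fields, body[i:]


def parse_cef(line):
    """Return header fields plus an 'ext' dict for one Syslog line carrying CEF."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF record: check the Threat information format")
    fields, ext = split_header(line[start + 4:].strip())
    if len(fields) != len(HEADER):
        raise ValueError("truncated CEF header")
    event = dict(zip(HEADER, fields))
    event["ext"] = {k: unescape(v) for k, v in EXT_PAIR.findall(ext)}
    return event
```

A line that raises `ValueError` here is a quick indicator that the sender is not emitting CEF, which is worth checking before troubleshooting event normalization.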