How To Configure SentinelOne To Forward Logs To EventTracker


How-To Guide

Configuring SentinelOne Integrator to Forward Logs to EventTracker Manager

Publication Date: September 1, 2021

Copyright Netsurion. All Rights Reserved.

Abstract

This guide provides instructions to configure EventTracker to retrieve SentinelOne events. It collects logs from the SentinelOne cloud, such as user activity and threat details. After EventTracker is configured to collect and parse these logs, dashboards and reports can be configured to monitor SentinelOne.

Scope

The configuration details in this guide are consistent with EventTracker version v9.x or above and SentinelOne.

Audience

Administrators who are assigned the task of monitoring SentinelOne using EventTracker.

Table of Contents

1. Overview
2. Prerequisites
3. Generate API Token for SentinelOne
4. Configuring SentinelOne to Forward Logs to EventTracker
About Netsurion
Contact Us

1. Overview

SentinelOne is a next-generation endpoint security product used to protect against all threat vectors. It keeps known and unknown malware and other malicious programs off endpoints.

EventTracker collects events from the SentinelOne API and filters them down to the critical event types used for creating reports, dashboards, and alerts. These are packaged as Knowledge Packs and help you analyze and manage SentinelOne easily.

2. Prerequisites

- The EventTracker agent should be installed on a host system/server.
- PowerShell 5.0 should be installed on the host system/server.
- The user should have administrative privilege on the host system/server to run PowerShell.
- The user must have the Viewer role on the SentinelOne console.

3. Generate API Token for SentinelOne

1. Log in to the SentinelOne console as a user with the Viewer role.
2. Click the user drop-down and select My User.
3. Click the Generate button to get an API token.

Note: Note the API token for use in the next steps. The token carries the same access as the user it was generated for, so handle it as a credential: do not paste it into tickets or plain-text scripts, and generate it for a Viewer-role (read-only) user rather than an administrator, since the integration only needs to read events.

4. Configuring SentinelOne to Forward Logs to EventTracker

The steps below configure EventTracker to receive events from the SentinelOne API.

1. Get the SentinelOneIntegrator.exe executable file from the link.
2. After the executable application is received, run the application with administrator privilege.
3. After running the integrator, fill in the given fields:
   URL: SentinelOne console URL
   API Token: SentinelOne Viewer-role user token
4. Once the required details have been filled in, the Validate API Token button is enabled.
5. Click the Validate API Token button to validate the given details.

6. Upon successful validation, a message pops up; click OK.
7. Click Finish at the bottom of the form to complete the configuration.
8. Upon successful configuration, a confirmation message box is displayed (shown as a screenshot in the original guide).
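What the Validate API Token step amounts to on the collector host, as an added PowerShell example for Windows PowerShell 5.x. This is not Netsurion's code and not the integrator's own logic; it stores the token DPAPI-protected instead of in plain text, probes the console with the smallest read a Viewer can make, and then pulls a page of activities to show what "collecting from the API" means. The `Authorization: ApiToken` header, the `/web/api/v2.1/activities` endpoint and its `limit`, `cursor` and `createdAt__gt` parameters, the `data` / `pagination.nextCursor` response shape, and the `$TokenFile` path are assumptions to check against your console's API reference.

```powershell
# Added example, not from the Netsurion guide or the SentinelOneIntegrator.
# Assumed: SentinelOne management API v2.1 accepts "Authorization: ApiToken <token>"
# and exposes GET /web/api/v2.1/activities with limit/cursor/createdAt__gt parameters.
param(
    [Parameter(Mandatory)][string]$ConsoleUrl,   # e.g. https://<tenant>.sentinelone.net
    [string]$TokenFile = "$env:ProgramData\EventTracker\s1-apitoken.xml"   # assumed path
)

# 1. Store the token once, DPAPI-protected for the account that runs the collector.
#    Export-Clixml encrypts a SecureString with DPAPI on Windows PowerShell 5.x, so only
#    the same user on the same host can read it back; nothing is left in plain text.
if (-not (Test-Path -Path $TokenFile)) {
    New-Item -ItemType Directory -Force -Path (Split-Path -Parent $TokenFile) | Out-Null
    Read-Host -Prompt 'Paste the SentinelOne API token (Viewer-role user)' -AsSecureString |
        Export-Clixml -Path $TokenFile
}
$secureToken = Import-Clixml -Path $TokenFile

# 2. Decrypt only for the lifetime of the requests and free the buffer immediately.
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureToken)
try     { $plainToken = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }

$base    = $ConsoleUrl.TrimEnd('/') + '/web/api/v2.1'
$headers = @{ Authorization = "ApiToken $plainToken" }

# 3. Validate the token with a one-record read and distinguish the three usual failures:
#    bad token (401), wrong role (403), or the console was never reached at all.
function Test-S1ApiToken {
    try {
        Invoke-RestMethod -Method Get -Uri "$base/activities?limit=1" -Headers $headers -ErrorAction Stop | Out-Null
        return $true
    }
    catch {
        $status = $_.Exception.Response.StatusCode.value__   # $null when no HTTP response came back
        switch ($status) {
            401     { Write-Warning 'Console rejected the API token (401): regenerate it under My User.' }
            403     { Write-Warning 'Token accepted but not permitted (403): confirm the Viewer role.' }
            default { Write-Warning "No valid response from $ConsoleUrl ($($_.Exception.Message)): check URL, proxy and TLS." }
        }
        return $false
    }
}

# 4. Pull activities newer than a checkpoint, following the cursor until the console
#    reports no further page. The integrator does this for you; the point here is that
#    the whole integration is read-only, which is why a Viewer-role token is enough.
function Get-S1Activities([datetime]$Since) {
    $sinceIso = $Since.ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffZ')
    $cursor   = $null
    do {
        $uri = "$base/activities?limit=100&createdAt__gt=$sinceIso"
        if ($cursor) { $uri += "&cursor=$cursor" }
        $page = Invoke-RestMethod -Method Get -Uri $uri -Headers $headers -ErrorAction Stop
        foreach ($a in $page.data) {
            # One flat record per activity; field names assumed from the API response.
            [pscustomobject]@{
                CreatedAt    = $a.createdAt
                ActivityType = $a.activityType
                AgentId      = $a.agentId
                Description  = $a.primaryDescription
            }
        }
        $cursor = $page.pagination.nextCursor
    } while ($cursor)
}

try {
    if (Test-S1ApiToken) {
        Write-Host "API token accepted by $ConsoleUrl"
        Get-S1Activities -Since (Get-Date).AddHours(-1) | Format-Table -AutoSize
    }
}
finally {
    # Drop the plaintext copy as soon as the work is done.
    $plainToken = $null
    $headers    = $null
}
```

Run it once interactively as the account that will run the EventTracker agent, so the DPAPI-protected file is readable by that account and no other; a 401 on the first run means the token was mistyped or has been regenerated in the console, a 403 means the user behind the token lacks even Viewer rights, and anything else is a URL, proxy or TLS problem rather than a credential problem.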

About Netsurion

Flexibility and security within the IT environment are two of the most important factors driving business today. Netsurion's cybersecurity platforms enable companies to deliver on both. Netsurion's approach of combining purpose-built technology and an ISO-certified security operations center gives customers the ultimate flexibility to adapt and grow, all while maintaining a secure environment.

Netsurion's EventTracker cyber threat protection platform provides SIEM, endpoint protection, vulnerability scanning, intrusion detection and more; all delivered as a managed or co-managed service.

Netsurion's BranchSDO delivers purpose-built technology with optional levels of managed services to multi-location businesses that optimize network security, agility, resilience, and compliance for branch locations.

Whether you need technology with a guiding hand or a complete outsourcing solution, Netsurion has the model to help drive your business forward. To learn more visit netsurion.com or follow us on Twitter or LinkedIn. Netsurion is #19 among MSSP Alert's 2020 Top 250 MSSPs.

Contact Us

Corporate Headquarters
Netsurion
Trade Centre South
100 W. Cypress Creek Rd
Suite 530
Fort Lauderdale, FL 33309

Contact Numbers
EventTracker Enterprise SOC: 877-333-1433 (Option 2)
EventTracker Enterprise for MSP's SOC: 877-333-1433 (Option 3)
EventTracker Essentials SOC: 877-333-1433 (Option 4)
EventTracker Software Support: 877-333-1433 (Option 5)
https://www.netsurion.com/eventtracker-support
