HELP, Interconnecting SentinelOne with Elasticsearch

Hello, I need your help :face_holding_back_tears::face_holding_back_tears:

I am a SOC analyst, and I want to interconnect SentinelOne with ELK SIEM.
Could you help me by pointing to a tutorial or clear documentation explaining all the steps, please?

Thanks in advance

Welcome to our community! :smiley:

Do you mean SentinelOne | Elastic docs?

Hello :smiling_face:, Thank you very much for your answer.

I have already consulted this doc; unfortunately, it just shows how to generate the SentinelOne API token, but does not show the steps for the interconnection. :pensive:

I got this working by deploying the SentinelOne integration to one of my fleet managed Elastic Agents.

Hello,
Did you manage to make the connection? Following which documentation, please, and with each necessary step?

Thank you in advance

  1. Install Elastic Agent on a Windows PC using the scripted commands provided when you create an Elastic Agent integration (see "Install Fleet-managed Elastic Agents | Fleet and Elastic Agent Guide [8.7] | Elastic"). If you are in a test environment without certificates set up, you will have to add `--insecure` to the last command.
  2. Troubleshoot any issues with the agent until it has a status of Healthy and you see CPU and memory usage reported.
  3. Deploy the SentinelOne integration and choose the same agent policy as the one used by the Elastic Agent.
  4. If that doesn't work, run `.\elastic-agent inspect` and make sure the outputs shown are correct. I had to modify the Fleet settings to update them with the correct hosts (see "Fleet UI settings | Fleet and Elastic Agent Guide [8.7] | Elastic").
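The enrolment and verification steps above, as an added PowerShell example that is not from the original thread or from Elastic: it installs the agent from the downloaded archive, checks that it reports Healthy, and confirms the rendered configuration points at the expected output host. The archive name, Fleet Server URL, Elasticsearch output host and enrollment token are assumptions or placeholders to replace with your own values; `--insecure` is only applied when explicitly requested, since it disables TLS verification of Fleet Server.

```powershell
# Added example (not from the original post). Assumed values: archive name,
# Fleet Server URL, output host and a placeholder enrollment token.
param(
    [string]$AgentZip = ".\elastic-agent-8.7.0-windows-x86_64.zip",  # assumed download name
    [string]$FleetUrl = "https://fleet.example.internal:8220",         # assumed Fleet Server URL
    [string]$EnrollmentToken = "<ENROLLMENT-TOKEN-FROM-FLEET-UI>",     # placeholder
    [string]$ExpectedOutputHost = "https://es.example.internal:9200",  # assumed ES output host
    [switch]$Insecure                                                  # test environments only
)
$ErrorActionPreference = "Stop"

# Step 1: unpack the archive and install the agent, enrolling it into Fleet.
Expand-Archive -Path $AgentZip -DestinationPath . -Force
$agentDir = Get-ChildItem -Directory -Filter "elastic-agent-*" | Select-Object -First 1
Push-Location $agentDir.FullName
$installArgs = @("install", "--non-interactive", "--url=$FleetUrl", "--enrollment-token=$EnrollmentToken")
if ($Insecure) { $installArgs += "--insecure" }   # skips TLS verification of Fleet Server
& .\elastic-agent.exe @installArgs
Pop-Location

# Step 2: confirm the installed agent reports Healthy (default Windows install path).
$agent = "C:\Program Files\Elastic\Agent\elastic-agent.exe"
$status = (& $agent status) -join "`n"
if ($status -notmatch "Healthy") {
    Write-Warning "Agent is not Healthy yet; check Fleet before deploying the SentinelOne integration:`n$status"
}

# Step 4: check the rendered config contains the expected Elasticsearch output host.
$inspect = (& $agent inspect) -join "`n"
if ($inspect -match [regex]::Escape($ExpectedOutputHost)) {
    Write-Host "Output host matches $ExpectedOutputHost"
} else {
    Write-Warning "Expected output host not found in 'elastic-agent inspect'; fix the hosts under Fleet settings and re-check"
}
```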

Thank you a lot for your answer.
