SentinelOne Integration - Missing Logs

I have set up the SentinelOne integration and have enabled all of the log collections. I see logs coming in, but there is not much detail. Does anyone know if more details, like you see in the S1 console, should be ingested?

Hi @clintonm9, welcome to the Elastic Discuss community!

Our SentinelOne integration supports a broad range of event types, such as Activity, Alerts, Group, Threat and Agent events. You should be seeing quite granular details in the events once they are ingested via our integration.

Could you post a sample event (with sensitive information removed) so we can determine which events you are seeing and whether they are getting mapped to ECS correctly?
