SentinelOne Integration

Hello,
I'm trying to integrate the SentinelOne API with Elastic for the purpose of collecting logs, but unfortunately I can't find any tutorial or information on how to use the API token generated for the user and integrate it with Elastic.

Hi @Medel - welcome to the Discuss community!

Within Kibana, if you go to Management -> Integrations, you should see the SentinelOne integration there. Once you go to that integration and click 'Add SentinelOne' it will take you to the integration configuration, where you can enter your S1 console URL and API key.

You'll then need to assign the integration to an Elastic Agent to collect the events and ship to Elastic. For more information on Elastic Agent, please see here.


Thank you so much, Jamie, for your time!
I appreciate it a lot.
Do you have any idea about ways to parse the alerts coming from SentinelOne, in order to display them in a more intuitive form than the default display:

Thank you very much again

The example within the documentation is just the raw JSON events, but once you enable the integration and start ingesting alerts, you can interact with them within Timeline and also via the dashboards included with the integration.

