Skip to main content

sentinelone

Overview

This documentation outlines the configuration process for SentinelOne to transfer data to AlphaSOC for analysis. Through this integration, the endpoint telemetry ingested by SentinelOne can be used for security monitoring and threat detection.

To enable data log transfers:

  1. Enable Deep Visibility in your SentinelOne console.
  2. Export logs by creating a Cloud Funnel to Amazon Simple Storage Service (S3) or a Google Cloud Storage (GCS) bucket.
  3. Follow AlphaSOC's guide for Collecting data through Amazon S3 or Collecting data through GCS.

After completing the setup and transferring telemetry, the data can be processed by AlphaSOC for analysis.

Enabling Deep Visibility

  1. Log into your SentinelOne console.
  2. Open Policy tab.
  3. Go to Deep Visibility configuration.
  4. Click the toggle near Enable Deep Visibility and select chosen data types.
  5. Click Save.

Exporting Logs to Amazon S3

note

This part requires an existing Amazon S3 bucket.

  1. Open SentinelOne Deep Visibility.
  2. Go to Configure > Policy & Settings, and click Cloud Funnel in the Singularity Data Lake section.
  3. Select AWS as your cloud provider.
  4. Enter the name of your S3 bucket in the S3 Bucket Name field.
  5. Turn on Telemetry Streaming by selecting Enable.
  6. In the Query Filters box, create a query to specify which agents should send data to the S3 bucket.
  7. Click Validate to validate your query.
  8. Ensure that all fields are selected under Fields to Include.
  9. Click Save.

Exporting Logs to GCS

Follow Google Cloud's guide for collecting SentinelOne Deep Visibility logs.