edr.sentinelone
- Juan Tomás Alonso Nieto (Deactivated)
Jul 06, 2022
1 min read
Loading data...
[ 1 Introduction ] [ 2 Valid tags and data tables ]
Introduction
The tags beginning with edr.sentinelone identify events generated by Sentinel One's platform.
Valid tags and data tables
The full tag must have 4 levels. The first two are fixed as edr.sentinelone. The third level identifies the type of events sent, and the fourth level indicates the event subtype.Â
Technology | Brand | Type | Subtype |
|---|---|---|---|
edr | sentinelone |
|
|
These are the valid tags and corresponding data tables that will receive the parsers' data:
Tag | Data table |
|---|---|
edr.sentinelone.agent.threats | edr.sentinelone.agent.threats |
edr.sentinelone.agent.agents | edr.sentinelone.agent.agents |
edr.sentinelone.management.activities | edr.sentinelone.management.activities |