SentinelOne collector
Configuration requirements
Configuration | Details |
---|---|
API Token | You will need to generate a SentinelOne API Token. |
More information
Refer to the Vendor setup section to know more about these configurations.
Overview
SentinelOne delivers autonomous endpoint protection through a single agent that prevents, detects, responds to, and hunts attacks. SentinelOne Singularity platform is a data lake that fuses together the data, access, control, and integration plans of its Endpoint Protection (EPP), Endpoint Detection and Response (EDR), IoT security, and Cloud Workload Protection (CWPP) into a centralized platform.
The Devo | SentinelOne integration collects data from various sources available through the SentinelOne API and ingests it into Devo, where it is made available for enterprise teams to query, analyze, and visualize for different use cases.
Devo collector features
Feature | Details |
---|---|
Allow parallel downloading ( |
|
Running environments |
|
Populated Devo events |
|
Data source
Data Source | Description | aAPI endpoint | Collector service name | Devo tables | Available from release |
---|---|---|---|---|---|
Threat Detections | Detailed telemetry from any threat detected on a device with the SentinelOne agent installed in the organization. This data is additionally mapped to Devo's |
|
|
|
|
Management Console Activities | Detailed events captured by the interactions with the SentinelOne management console |
|
|
|
|
Management Console Activity Types | A lookup table which maps numeric activity types to their written description to add usability to the data |
|
| Lookup table: |
|
Agent Telemetry | System information and telemetry from devices with the SentinelOne agent installed |
|
|
|
|
Vendor setup
In order to configure the SentinelOne collector, you need to generate a SentinelOne API token. Follow these steps to do it:
Minimum configuration required for basic pulling
Although this collector supports advanced configuration, the fields required to download data with basic configuration are defined below.
This minimum configuration refers exclusively to those specific parameters of this integration. There are more required parameters related to the generic behavior of the collector. Check the detail of the parameterization for more information.
Setting | Details |
---|---|
| Use this param to define the URL used by the collector to pull data. Replace |
| Set up here your access token created in the SentinelOne console. |
See the Accepted authentication methods section to verify what settings are required based on the desired authentication method.
Accepted authentication methods
The following are the accepted authentication methods for this collector.
Authentication Method | URL | API Token |
---|---|---|
API Token | required | required |
Run the collector
Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector in your own machine using a Docker image (On-premise collector).
Change log
Release | Released on | Release type | Details | Recommendations |
---|---|---|---|---|
| Jan 23, 2024 | IMPROVEMENT | Improvements
|
|
| Aug 16, 2023 | IMPROVEMENT | Updated DCSDK from 1.4.3 to 1.9.1:
|
|
| Oct 26, 2022 | IMPROVEMENT | Improvements:
|
|
| Jun 9, 2022 | IMPROVEMENT | Improvements: The underlying collector framework has been upgraded from v1.1.4 to v1.3.0 that includes the following resilience improvements for input services:
SDK changes from version v1.2.0
|
|