edr.sentinelone

[ 1 Introduction ] [ 2 Valid tags and data tables ]

Introduction

The tags beginning with edr.sentinelone identify events generated by Sentinel One's platform.

Valid tags and data tables

The full tag must have 4 levels. The first two are fixed as edr.sentinelone. The third level identifies the type of events sent, and the fourth level indicates the event subtype.

Technology	Brand	Type	Subtype

Technology	Brand	Type	Subtype
edr	sentinelone	agent management	threats agents activities

These are the valid tags and corresponding data tables that will receive the parsers' data:

Tag	Data table

Tag	Data table
edr.sentinelone.agent.threats	edr.sentinelone.agent.threats
edr.sentinelone.agent.agents	edr.sentinelone.agent.agents
edr.sentinelone.management.activities	edr.sentinelone.management.activities

Devo v7.10.0

edr.sentinelone

Analytics

Introduction

Valid tags and data tables