Select Page

SentinelOne – syslog forwarding

Welcome Forums Integrations SentinelOne – syslog forwarding

  • This topic is empty.
Viewing 1 post (of 1 total)
  • Author
    Posts
  • May 23, 2022 at 3:32 pm #3290
    Mike RiforgiateMike Riforgiate
    Keymaster
    Configure SentinelOne to send logs to Precinct

    Open the SentinelOne Admin Console. Configure SentinelOne to send logs to your Syslog server.

    1. Select your site.
    2. In the left side menu, click the slider icon [⊶] to open the Settings menu.
    3. Open the INTEGRATIONS tab, and fill in the details:
      1. Under Types, select SYSLOG.
      2. Toggle the button to enable SYSLOG.
      3. Host – Enter your public SYSLOG server IP address and port.
      4. Formatting – Select CEF2.
      5. Save your changes.

    Configure SentinelOne to send notifications

    In the same screen, open the NOTIFICATIONS tab, and fill in the details:

    Under Notification Types, check all options under Syslog notifications.

    We recommend enabling all notification options to send Syslog logs for full Precinct incident enrichment.

     

  • Author
    Posts
Viewing 1 post (of 1 total)
  • You must be logged in to reply to this topic.