If you're having trouble at any stage, please contact us at support@skyformation.com.
Preface
SentinelOne is an endpoint security platform.
For more information on SentinelOne please visit:
https://www.sentinelone.com/
The main challenges and needs are to:
- Get and retain a full audit of activities and alerts from SentinelOne.
- Make the granular activities and alerts available in the organization's central log or event management system for compliance, investigation or forensic needs.
What is it
The SkyFormation for SentinelOne connector is part of the Exabeam Cloud Connectors module:
https://www.exabeam.com/product/exabeam-cloud-connectors/
Exabeam Cloud Connectors are ready-made connectors that continuously retrieve audit events, activities, alerts, flows and more from available data sources in cloud services via their public APIs.
The events are then sent to your Exabeam Advanced Analytics (UEBA), Exabeam Data Lake (SIEM) or other supported security systems.
How it works
The SkyFormation for SentinelOne connector retrieves the events from the cloud service through its public APIs and sends them over syslog to the relevant security system, encoded as CEF or JSON.
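The encoding step described above, as an added example (not the connector's own code): a constructed threat record rendered as CEF and as JSON, then wrapped in a syslog line. The record's field names, the `ExampleVendor`/`ExampleConnector` header values and the CEF key mapping are assumptions for illustration, not the SentinelOne API schema or the connector's real mapping.

```python
import json

# Constructed sample record. Field names are illustrative assumptions,
# not the SentinelOne API schema or the connector's real mapping.
SAMPLE_THREAT = {
    "id": "constructed-0001",
    "classification": "Malware",
    "description": "file=C:\\Temp\\a|b.exe quarantined",
    "agent": "host-01",
}

def esc_header(value):
    # CEF header fields: escape backslash first, then the pipe delimiter.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def esc_ext(value):
    # CEF extension values: escape backslash and '=', and encode line
    # breaks so one event cannot be split into several syslog records.
    s = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return s.replace("\r\n", "\\n").replace("\n", "\\n").replace("\r", "\\n")

def to_cef(event, severity=5):
    # Header: vendor|product|version|event class id|name|severity
    header = "|".join(esc_header(v) for v in (
        "ExampleVendor", "ExampleConnector", "1.0",
        event["classification"], event["classification"], severity))
    ext = " ".join(f"{k}={esc_ext(v)}" for k, v in (
        ("externalId", event["id"]),
        ("dhost", event["agent"]),
        ("msg", event["description"])))
    return f"CEF:0|{header}|{ext}"

def to_json(event):
    # json.dumps escapes control characters, so the payload stays on one line.
    return json.dumps(event, sort_keys=True, separators=(",", ":"))

def syslog_line(payload, timestamp, host="connector", tag="example",
                facility=16, level=5):
    # BSD-syslog style framing; PRI = facility * 8 + level (local0.notice = 133).
    return f"<{facility * 8 + level}>{timestamp} {host} {tag}: {payload}"

if __name__ == "__main__":
    ts = "Jan  1 00:00:00"  # constructed timestamp
    print(syslog_line(to_cef(SAMPLE_THREAT), ts))
    print(syslog_line(to_json(SAMPLE_THREAT), ts))
```

On the receiving side, the same escaping rules apply in reverse: a parser that splits the CEF header on every `|` or the extension on every `=` without honoring the backslash escapes will misread fields such as the `msg` value above.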
Connector's API/Audit Sources & Events Supported
Audit Source (API) | Service/Module Covered | Events Included |
---|---|---|
threats | any | All |