Collect SentinelOne logs?

Dear Graylog Community,

Since the last topic I found that discussed this subject dated from 2019, I’m reopening it because I think it’s an interesting subject :slight_smile:

Has anyone found a way to interface SentinelOne with Graylog?

Many thanks in advance for all your answers,

G. Morin

I attached quite a few AVs to Graylog: DFE, Kaspersky, Symantec, …
Usually I did a little magic to send logs directly into Graylog and had fun with parsing, or I wrote a little Python script querying those solutions and sending the answers to Graylog. What does SentinelOne offer?

I’ve also attached quite a few AVs to Graylog, but this one is trickier.

It’s a cloud-based XDR. It can send logs in syslog using CEF format, but it’s not an option for me because it would require setting up a proxy to route the logs to Graylog.

It seems to have quite a good API though, so I thought that maybe someone has already written some pieces of code to interact with the cloud console through HTTP requests (like the O365 input in Graylog)?
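The two posts above describe the same pattern from both sides: a small script that polls a cloud console's REST API and pushes the results into Graylog. The following is an added example of that pattern (it is not code from this thread, from SentinelOne or from Graylog). The endpoint path, query-parameter names, `Authorization: ApiToken` header and `data`/`pagination.nextCursor` response layout are assumptions modelled on the SentinelOne Management API v2.1 documentation and must be checked against your own console's API reference; the tenant hostname, the Graylog host and the sample API pages are constructed placeholders so the script runs offline.

```python
"""Poll a cloud XDR REST API with cursor pagination and forward events to Graylog as GELF.

Added example; endpoint layout is an ASSUMPTION (see lead-in), not vendor code.
"""
import json
import socket
from datetime import datetime
from typing import Any, Callable, Dict, Iterator, List, Optional, Tuple

# Assumed API shape (verify against the console's API docs). Hostname is a placeholder.
API_BASE = "https://example-tenant.sentinelone.net/web/api/v2.1"
ACTIVITIES_PATH = "/activities"
PAGE_SIZE = 100

# fetch(url, headers, params) -> parsed JSON body; in production wrap requests.get(...).json()
Fetcher = Callable[[str, Dict[str, str], Dict[str, Any]], Dict[str, Any]]


def build_request(api_token: str, since_iso: str,
                  cursor: Optional[str] = None) -> Tuple[str, Dict[str, str], Dict[str, Any]]:
    """Build (url, headers, params) for one page of activities created after since_iso."""
    params: Dict[str, Any] = {"createdAt__gt": since_iso, "limit": PAGE_SIZE,
                              "sortBy": "createdAt", "sortOrder": "asc"}  # assumed filter names
    if cursor:
        params["cursor"] = cursor
    headers = {"Authorization": f"ApiToken {api_token}"}  # assumed header format
    return API_BASE + ACTIVITIES_PATH, headers, params


def iter_activities(fetch: Fetcher, api_token: str, since_iso: str) -> Iterator[Dict[str, Any]]:
    """Follow cursor pagination until the API returns no nextCursor."""
    cursor: Optional[str] = None
    while True:
        url, headers, params = build_request(api_token, since_iso, cursor)
        page = fetch(url, headers, params)
        for item in page.get("data", []):
            yield item
        cursor = (page.get("pagination") or {}).get("nextCursor")
        if not cursor:
            return


def parse_ts(iso: str) -> float:
    """ISO-8601 with trailing Z -> epoch seconds (fromisoformat only accepts 'Z' from 3.11)."""
    return datetime.fromisoformat(iso.replace("Z", "+00:00")).timestamp()


def to_gelf(activity: Dict[str, Any], host: str = "sentinelone-api") -> Dict[str, Any]:
    """Map one activity record to a GELF 1.1 message.

    Additional fields carry the GELF underscore prefix; '_id' is reserved by Graylog,
    so the vendor's record id goes into '_s1_id'.
    """
    msg: Dict[str, Any] = {
        "version": "1.1",
        "host": host,
        "short_message": activity.get("primaryDescription")
        or f"activity type {activity.get('activityType')}",
        "timestamp": parse_ts(activity["createdAt"]),
        "level": 4 if activity.get("threatId") else 6,  # syslog warning vs informational
        "_s1_id": str(activity.get("id", "")),
    }
    for key in ("activityType", "agentId", "siteName", "threatId", "userId"):
        if activity.get(key) is not None:
            msg["_s1_" + key] = activity[key]
    return msg


def poll_once(fetch: Fetcher, api_token: str, since_iso: str) -> Tuple[List[Dict[str, Any]], str]:
    """Fetch every new activity; return GELF messages plus the new high-water mark.

    Persist the returned timestamp between runs so each record is shipped exactly once.
    """
    messages: List[Dict[str, Any]] = []
    newest = since_iso
    for act in iter_activities(fetch, api_token, since_iso):
        messages.append(to_gelf(act))
        if act["createdAt"] > newest:  # string compare is safe for same-format ISO timestamps
            newest = act["createdAt"]
    return messages, newest


def send_gelf_tcp(messages: List[Dict[str, Any]],
                  graylog_host: str = "graylog.example.internal", port: int = 12201) -> None:
    """Ship messages to a Graylog GELF TCP input (NUL-delimited JSON frames)."""
    with socket.create_connection((graylog_host, port), timeout=10) as sock:
        for m in messages:
            sock.sendall(json.dumps(m).encode() + b"\x00")


# Constructed sample API pages for the offline demo (not real SentinelOne data).
_SAMPLE_PAGES: Dict[Optional[str], Dict[str, Any]] = {
    None: {"data": [
        {"id": 1001, "createdAt": "2024-03-01T10:00:00.000000Z", "activityType": 19,
         "primaryDescription": "Agent connected", "agentId": "a1", "siteName": "HQ"},
        {"id": 1002, "createdAt": "2024-03-01T10:05:00.000000Z", "activityType": 18,
         "primaryDescription": "Threat mitigated", "agentId": "a1", "threatId": "t9", "siteName": "HQ"},
    ], "pagination": {"nextCursor": "c2", "totalItems": 3}},
    "c2": {"data": [
        {"id": 1003, "createdAt": "2024-03-01T10:07:00.000000Z", "activityType": 27,
         "primaryDescription": "User logged in", "userId": "u7", "siteName": "HQ"},
    ], "pagination": {"nextCursor": None, "totalItems": 3}},
}
REQUEST_LOG: List[Dict[str, Any]] = []  # records the params of every simulated request


def sample_fetch(url: str, headers: Dict[str, str], params: Dict[str, Any]) -> Dict[str, Any]:
    """Stand-in for requests.get(url, headers=headers, params=params).json()."""
    REQUEST_LOG.append(dict(params))
    return _SAMPLE_PAGES[params.get("cursor")]


if __name__ == "__main__":
    msgs, mark = poll_once(sample_fetch, "REPLACE-ME", "2024-03-01T00:00:00.000000Z")
    print(json.dumps(msgs, indent=1), "\nnext high-water mark:", mark)
```

Run it from cron or a systemd timer, store `mark` somewhere durable between runs, and point `send_gelf_tcp` at a GELF TCP input. The only network paths the poller needs are outbound HTTPS to the console and a route to Graylog, which is what sidesteps the syslog relay mentioned in the post.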
