Dear Graylog Community,
Since the last topic I found that discussed this subject was dating from 2019, I’m reopening it because I think it’s an interesting subject 
Has anyone found a way to interface SentinelOne with Graylog ?
Many thanks in advance for all your answers,
G. Morin
I attached quite a few AVs to Graylog: DFE, Kaspersky, Symantec, …
Usually I did a little magic to send logs directly into Graylog and hat fun with parsing, or I did a little python-script querying those solutions and send the answers to Graylog. What does SentinelOne offer?
I’ve also attached quite a few AVs to graylog but this one is trickier.
It’s a cloud-based XDR. It can send logs in SYSLOG using CEF format, but It’s not an option for me because it would require setting up a proxy to route the logs to Graylog.
It seems to have quite a great API though, so I thought that maybe someone have already written some pieces of code to interact with the cloud console through HTTP requests (like the O365 input in Graylog) ?
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
