I attached quite a few AVs to Graylog: DFE, Kaspersky, Symantec, …
Usually I did a little magic to send logs directly into Graylog and had fun with parsing, or I did a little Python script querying those solutions and sent the answers to Graylog. What does SentinelOne offer?
I’ve also attached quite a few AVs to Graylog, but this one is trickier.
It’s a cloud-based XDR. It can send logs in syslog using CEF format, but it’s not an option for me because it would require setting up a proxy to route the logs to Graylog.
It seems to have quite a great API though, so I thought that maybe someone has already written some pieces of code to interact with the cloud console through HTTP requests (like the O365 input in Graylog)?
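The "little Python script querying the solution and sending the answers to Graylog" pattern from the first post, written out as an added example. This is not code from either poster, from SentinelOne or from Graylog: the API URL, the `since` query parameter, the `API_TOKEN` environment variable, the alert field names (`id`, `threatName`, `severity`, `createdAt`, `agentHostname`) and the severity-to-syslog-level mapping are all assumed placeholders to be replaced with what the vendor's API documentation actually specifies. What it does show is the Graylog side that stays the same whatever the source: building GELF 1.1 messages (reserved `_id` handled, nested values flattened), gzip encoding, and UDP chunking for messages over 8192 bytes.

```python
"""Poll an alert-style JSON API and forward results to a Graylog GELF UDP input.

Added example, not the posters', SentinelOne's or Graylog's code. The API URL,
query parameter, token variable and alert field names are ASSUMED placeholders.
"""
import gzip
import json
import os
import socket
import struct
import urllib.request
from datetime import datetime, timezone

GELF_VERSION = "1.1"
MAX_UDP_PAYLOAD = 8192                # GELF over UDP: larger payloads must be chunked
CHUNK_PAYLOAD = MAX_UDP_PAYLOAD - 12  # each chunk carries a 12-byte header
# ASSUMED mapping of vendor severity strings to syslog levels (GELF "level")
SEVERITY_TO_LEVEL = {"critical": 2, "high": 3, "medium": 4, "low": 5, "info": 6}
API_URL = "https://EXAMPLE-CONSOLE/api/alerts"   # placeholder, not a real endpoint


def parse_timestamp(iso_text):
    """ISO 8601 text (with 'Z' or an offset) -> Unix epoch seconds, UTC."""
    if not iso_text:
        return datetime.now(timezone.utc).timestamp()
    dt = datetime.fromisoformat(iso_text.replace("Z", "+00:00"))
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.timestamp()


def alert_to_gelf(alert, source_host="edr-poller"):
    """Build a GELF 1.1 message dict from one alert record (assumed field names)."""
    msg = {
        "version": GELF_VERSION,
        "host": source_host,
        "short_message": f"{alert.get('threatName', 'unknown threat')} "
                         f"on {alert.get('agentHostname', 'unknown host')}",
        "timestamp": parse_timestamp(alert.get("createdAt")),
        "level": SEVERITY_TO_LEVEL.get(str(alert.get("severity", "")).lower(), 6),
    }
    # Additional fields must be prefixed with '_'; '_id' is reserved by GELF, so the
    # vendor's 'id' becomes '_alert_id'. Non-scalar values are stored as JSON text.
    for key, value in alert.items():
        name = "_alert_id" if key == "id" else f"_{key}"
        msg[name] = value if isinstance(value, (str, int, float, bool)) else json.dumps(value)
    return msg


def encode_gelf(msg):
    """Serialise and gzip a GELF message; the Graylog UDP input detects gzip itself."""
    return gzip.compress(json.dumps(msg).encode("utf-8"))


def chunk_gelf(payload, message_id):
    """Split an encoded payload into GELF UDP chunks:
    magic 0x1e 0x0f, 8-byte message id, sequence number, sequence count, data."""
    if len(payload) <= MAX_UDP_PAYLOAD:
        return [payload]
    pieces = [payload[i:i + CHUNK_PAYLOAD] for i in range(0, len(payload), CHUNK_PAYLOAD)]
    if len(pieces) > 128:
        raise ValueError("message too large: GELF allows at most 128 chunks")
    return [b"\x1e\x0f" + message_id + struct.pack("BB", seq, len(pieces)) + piece
            for seq, piece in enumerate(pieces)]


def send_gelf_udp(msg, graylog_host, graylog_port=12201):
    """Send one GELF message to a Graylog GELF UDP input."""
    payload = encode_gelf(msg)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for datagram in chunk_gelf(payload, os.urandom(8)):
            sock.sendto(datagram, (graylog_host, graylog_port))


def newest_timestamp(alerts):
    """Cursor for the next poll: the latest createdAt seen, so nothing is sent twice."""
    stamps = [a.get("createdAt") for a in alerts if a.get("createdAt")]
    return max(stamps) if stamps else None


def fetch_alerts(since, token):
    """GET alerts newer than `since` (ASSUMED URL and parameter; bearer-token auth)."""
    url = API_URL + (f"?since={since}" if since else "")
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp).get("data", [])


if __name__ == "__main__":
    # One poll cycle; keep the cursor in a file or database between runs in practice.
    alerts = fetch_alerts(since=None, token=os.environ["API_TOKEN"])
    for alert in alerts:
        send_gelf_udp(alert_to_gelf(alert), graylog_host="graylog.example.internal")
    print("forwarded", len(alerts), "alerts; next cursor:", newest_timestamp(alerts))
```

Run it from cron or a systemd timer with `API_TOKEN` set; the main block is a single poll cycle, so persist the cursor returned by `newest_timestamp` between runs. The message id passed to `chunk_gelf` must be unique per message (eight random bytes here), because Graylog reassembles chunks by that id and drops incomplete sets after a few seconds; if you would rather avoid UDP chunking altogether, the same `alert_to_gelf` output can be POSTed as JSON to a GELF HTTP input instead.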