
Can someone help me set up the SentinelOne App to be able to create actions based on alerts?

chefdivinfo
New Member

Cannot set up the app to be able to create Actions based on alerts. The SentinelOne Add-on (TA_Sentinelone) is configured and information is collected through the console API and forwarded to Splunk, though visible in Splunk Enterprise Security.

However, when I tried to set up the app to be able to configure adaptive response, it does not accept the console token (which by the way is the same one used by the TA):

Could not connect to SentinelOne console. Please verify API Token is correct, The management hostname and domain are correct and confirm that the API Version matches your console and SSL Verification configured properly

And I have this at the bottom of the App setup page:

Could not find configuration files /opt/splunk/etc/apps/sentinelone/local/s1consoles.conf , status:

Both the SentinelOne app and add-on are version 3.5.6, Splunk is 7.1.2 and Splunk ES is 5.2.2.

Thanks.

0 Karma

arichmo8
Engager

SentinelOne App v5.2, are there any guides or KB articles written on configuring SentinelOne App? Can't seem to find any information on this anywhere. My understanding is that a service account needs to be created with a privileged role and then from there the API key is generated. SentinelOne app will need the console URL and the API key. Am I missing anything?

0 Karma

Ironman
Engager

What version of the app are you using? 5.x?
