Hello. I have a task to set up monitoring in Splunk for SentinelOne (agents) and Ubiquity. I have zero experience with them. After thoroughly checking the app on Splunkbase, https://splunkbase.splunk.com/app/5433, I can't understand how I am supposed to set it up and, most importantly, what steps have to be taken on the SentinelOne side to even send data to Splunk. Keep in mind that we have an outside firm that manages Sentinel, and in our environment we only get the agents. In short, I don't understand SentinelOne, I don't manage it, and I want to know if there is something to request from the people that manage it (a setting or configuration to be made on their side). I've seen in another topic that I only need to install the Splunk app because I will be using an all-in-one installation for it.
For Ubiquity, I see there used to be an app, but it seems it is no longer supported. What is my best approach there? Should I also have requirements for the Ubiquity managing team to do some setup in order to connect to our Splunk, or something else?
Thank you,