Re: SentinelOne integration

lespinosas · ‎07-15-2024

I have problems with the integration of SentinelOne and Splunk Cloud.

I'm using the app https://splunkbase.splunk.com/app/5433 and try 2 different SentinelOne consoles (set the URL and Token for each console).

I don't know if I am missing something or what is the problem.

Can some one help me to understand this integration?

- Under API Configuration we have the URL usea1-***.sentinelone.net and Token (maybe the token is not the correct one? Where can I find it?)

- Under Inputs set the destination index for the logs.

- Under Base Configuration I can't set the index created (the same as the Inputs tab)

Btw, I don't have the administration of SentinelOne console.

kyle_kyle · ‎11-22-2024

I'm having a similar problem. the SentinelOne recording when Kyle shows how easy it is to set up was missing something. because I the video he pretty much just drops the API token in there and BAM! everything works. I wish there was some setup documentation or guides that show you how to configure these integrations.

SentinelOne integration

configuration

installation

troubleshooting

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

Are you a member of the Splunk Community?