All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

SentinelOne integration

lespinosas
Explorer
‎07-15-2024 12:24 PM

I have problems with the integration of SentinelOne and Splunk Cloud.

I'm using the app https://splunkbase.splunk.com/app/5433 and try 2 different SentinelOne consoles (set the URL and Token for each console).

I don't know if I am missing something or what is the problem.

Can some one help me to understand this integration? 

- Under API Configuration we have the URL usea1-***.sentinelone.net  and Token (maybe the token is not the correct one? Where can I find it?)

- Under Inputs set the destination index for the logs.

- Under Base Configuration I can't set the index created (the same as the Inputs tab)

Btw, I don't have the administration of SentinelOne console.

Labels (3)
Reply

kyle_kyle
Engager
‎11-22-2024 12:52 PM

I'm having a similar problem. the SentinelOne recording when Kyle shows how easy it is to set up was missing something. because I the video he pretty much just drops the API token in there and  BAM! everything works.  I wish there was some setup documentation or guides that show you how to configure these integrations. 

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...