Cannot set up the app to be able to create Actions based on alerts. The Sentinelone Add-on (TA_Sentinelone) is configured and information is collected through the console API and forwarded to Splunk, though visible in Splunk Enterprise Security.
However, when I tried to set up the app to be able to configure adaptive response, it does not accept the console token (which by the way is the same used by the TA) :
Could not connect to SentinelOne console. Please verify API Token is correct, The management hostname and domain are correct and confirm that the API Version matches your console and SSL Verification configured properly
And I have this at the bottom of the App setup page :
Could not find configuration files /opt/splunk/etc/apps/sentinelone/local/s1consoles.conf , status:
Both SentinelOne app and add on are 3.5.6 version, Splunk is 7.1.2 and Splunk ES is 5.2.2.
... View more