SentinelOne

Last updated Jan 5, 2025

Install Guide

Connect Profile Setup

Follow the guide in this document to add a connect profile.

Here are the required fields for the connect profile setup:

  • Name: A unique name to identify the profile.
  • Identifier: A unique identifier for the profile to be used in Logpresso queries.
  • Type: SentinelOne
  • Endpoint: URL in the format https://TENANT.sentinelone.net
  • API Token: The API token issued by SentinelOne

Logger Setup

See this document to add a logger. The dashboards and datasets installed by default reference a table whose name starts with EDR_SENTINELONE.

The following are required fields during logger configuration:

  • Name: A unique name to identify the logger
  • Interval: 60 seconds
  • Storage/Data Source: Select the appropriate node based on your Logpresso platform configuration.
  • Logger Model: SentinelOne Alert
  • Table: Enter the table name starting with EDR_SENTINELONE.
  • Connect Profile: The identifier of the connect profile set in the previous step.
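
A pre-flight check for the two forms above, written as an added example (it is not part of the Logpresso app or of SentinelOne's tooling). It rejects an Endpoint that would send the API token over plain HTTP or to a host that only looks like `TENANT.sentinelone.net`, and cross-checks the logger's table prefix and connect profile reference. The dictionary keys, the sample values, and the rule that TENANT is a single DNS label are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: TENANT is a single DNS label, per the page's https://TENANT.sentinelone.net.
TENANT_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")
TABLE_PREFIX = "EDR_SENTINELONE"  # prefix the default dashboards and datasets expect

def check_endpoint(url):
    """Return problems with the Endpoint field; an empty list means it is acceptable."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return ["endpoint is not a parseable URL"]
    problems = []
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if parts.username is not None or parts.password is not None:
        problems.append("URL must not embed credentials")
    # hostname is already lower-cased; split off the first label as the tenant.
    tenant, _, domain = (parts.hostname or "").partition(".")
    if domain != "sentinelone.net" or not TENANT_LABEL.fullmatch(tenant):
        problems.append("host must be TENANT.sentinelone.net")
    if port not in (None, 443):
        problems.append("unexpected port")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        problems.append("use the base URL only, without path or query")
    return problems

def check_setup(profile, logger):
    """Cross-check both forms. Dict keys are hypothetical names for the form fields."""
    problems = check_endpoint(profile.get("endpoint", ""))
    if not profile.get("api_token", "").strip():
        problems.append("API token is empty")
    if not logger.get("table", "").startswith(TABLE_PREFIX):
        problems.append("table must start with " + TABLE_PREFIX)
    if logger.get("connect_profile") != profile.get("identifier"):
        problems.append("logger does not reference the profile identifier")
    return problems

# Constructed sample values, not a real tenant or token.
PROFILE = {"identifier": "s1_prod", "endpoint": "https://acme.sentinelone.net",
           "api_token": "PLACEHOLDER_TOKEN"}
LOGGER = {"table": "EDR_SENTINELONE_ALERT", "connect_profile": "s1_prod"}

if __name__ == "__main__":
    for issue in check_setup(PROFILE, LOGGER) or ["no problems found"]:
        print(issue)
```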