SentinelOne

Version: SentinelOne

SentinelOne is a next-generation endpoint security product used to protect against all threat vectors. Keep known and unknown malware and other bad programs out of endpoints.

Netsurion collects the events from SentinelOne API and filters it out to get some critical event types for creating reports, dashboards, and alerts. These are considered as Data Source Integrations and helps you to analyze and manage the SentinelOne easily.

Flex reports will contain detailed overview of activities like login/ logout, firewall block activity, threat detection activity, and user management activities.

Alerts will be triggered when critical security events like threat detected, an external device connected, suspicious process detected, etc.

The dashboard provides a visual representation of all the activities like top user login, top threat activities, device control activities by the system, etc.

Once events are received into Netsurion, Reports, Knowledge Objects, Categories and Dashboards can be configured into Netsurion.

Netsurion monitors all the SentinelOne events, they are given as below.

  • Security –Threat detection, Non-Mitigated threat detection, Suspicious process detection, Device control activities.
  • Operation – Log in and log out details, User-Management activity, and other management activities on the SentinelOne console.

Once SentinelOne is configured to deliver events to Netsurion alerts, dashboards, and reports can be configured into Netsurion.

Some of the Data Source Integrations available in Netsurion are listed below.

Alerts

Type Name Description
Security SentinelOne - Threat Activity Detected This alert will be triggered in the event of any threat related activity (like new threat detected, suspicious process dejected) that has been detected.
Security SentinelOne - USB Activity Detected This alert will be triggered when external devices have been connected to the systems which have been detected by the device control.
Security SentinelOne - Threat Not Mitigated This alert will be triggered in the event of any threat action have been failed.

Reports

Type Name Description
Security SentinelOne - Firewall control activity This report will generate a detailed view of activity related to firewall activity like firewall rule applied on the traffic.
Security SentinelOne - Threat activity details This report will generate a detailed view on activities related to the threat activities like (New Threat Mitigated, New Threat Suspicious, Process marked as a threat, Threat Killed by Policy).
Security SentinelOne - Device control activity This report will generate a detailed view on activities related to the external device connected or disconnected and the rule applied to the event and their action.
Operations SentinelOne - Management activity This report will generate a detailed view of activities that happened in the SentinelOne by the Users.
Operations SentinelOne - User login and logout details This report will generate a detailed view of activities related to user login and logout on SentinelOne console.
Operations SentinelOne - User management details This report will generate a detailed view on activities related to user management, i.e. user added, user deleted, user modified, etc.

Documentation

The configuration details are consistent with Netsurion version 9.X and later, and SentinelOne.

Download Integration Guide and How-to Guide for more information and to configuration instructions.

This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our Privacy Statement to learn more.

I Accept