SentinelOne

Once SentinelOne is configured to deliver events to EventTracker alerts, dashboards, and reports can be configured into EventTracker.

Reports

SentinelOne - Management activity–This report will generate a detailed view of activities that happened in the SentinelOne by the Users.
SentinelOne - User login and logout details–This report will generate a detailed view of activities related to user login and logout on SentinelOne console.
SentinelOne - User management details– This report will generate a detailed view on activities related to user management, i.e. user added, user deleted, user modified, etc.

Alerts

SentinelOne Threat Activity Detected–This alert will be triggered in the event of any threat related activity (like new threat detected, suspicious process dejected) that has been detected.
SentinelOne USB Activity Detected–This alert will be triggered when external devices have been connected to the systems which have been detected by the device control.
SentinelOne Threat Not Mitigated–This alert will be triggered in the event of any threat action have been failed.

Reports

SentinelOne - Firewall control activity–This report will generate a detailed view of activity related to firewall activity like firewall rule applied on the traffic.
SentinelOne - Threat activity details –This report will generate a detailed view on activities related to the threat activities like (New Threat Mitigated, New Threat Suspicious, Process marked as a threat, Threat Killed by Policy).
SentinelOne - Device control activity–This report will generate a detailed view on activities related to the external device connected or disconnected and the rule applied to the event and their action.

The configuration details are consistent with EventTracker version 9.X and later, and SentinelOne.

To configure SentinelOne to send logs to EventTracker, refer to the How-to Guide.

For more information, please refer to the SentinelOne Integration guide.