Configuring SentinelOne Log Ingestion

To configure your SentinelOne endpoint protection system to send logs to Stellar Cyber:

Use our example as a guideline, as you might be using a different software version.

During installation, the timezone for sensors is automatically set to UTC+0. Because the logs from some security products include only the local time, with no timezone, Stellar Cyber recommends that you set the sensor timezone to the same timezone as your security product.

  1. Log in to SentinelOne.

  2. Click INTEGRATIONS.

  3. Click SYSLOG.

  4. Enable SYSLOG.

  5. For the Host, enter the IP address of the data sensor.

  6. For the Port, enter 5175.

  7. Optionally, enable TLS. If you do, click Upload under Certificate. This sends the sensor CA certificate to SentinelOne.

  8. For Formatting, choose CEF2.

  9. Click Save.
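
The timezone note above matters for event correlation: a local timestamp with no zone, read by a sensor left at UTC+0, lands hours away from when the event happened. The following is an added example, not Stellar Cyber or SentinelOne code. It shows the skew and a simple check that infers the sender's offset from the receipt time. The timestamp layout, function names and sample values are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%d %H:%M:%S"  # assumed timestamp layout with no zone field


def to_utc(naive_local: str, sensor_offset_hours: float) -> datetime:
    """Read a zone-less timestamp the way a sensor set to the given offset would."""
    tz = timezone(timedelta(hours=sensor_offset_hours))
    return datetime.strptime(naive_local, FMT).replace(tzinfo=tz).astimezone(timezone.utc)


def inferred_offset_hours(naive_local: str, received_utc: datetime) -> float:
    """Estimate the sender's UTC offset from the receipt time, to the nearest
    15 minutes. Assumes delivery delay is well under 15 minutes."""
    naive = datetime.strptime(naive_local, FMT)
    delta = naive - received_utc.astimezone(timezone.utc).replace(tzinfo=None)
    return round(delta.total_seconds() / 900) / 4


def timezone_mismatch(naive_local, received_utc, sensor_offset_hours) -> bool:
    """True when the sensor's configured offset disagrees with the inferred one."""
    return inferred_offset_hours(naive_local, received_utc) != sensor_offset_hours


# Constructed sample: a product in UTC-5 logs local time; the sensor receives
# the line two seconds later.
LOGGED = "2024-03-04 09:30:00"
RECEIVED = datetime(2024, 3, 4, 14, 30, 2, tzinfo=timezone.utc)

if __name__ == "__main__":
    for offset in (0, -5):
        print(offset, to_utc(LOGGED, offset).isoformat(),
              timezone_mismatch(LOGGED, RECEIVED, offset))
```

With the sensor at UTC+0 the sample event is stored five hours early, which is enough to break timeline reconstruction and time-windowed correlation across sources.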