Integrate SentinelOne EDR solution with SIEM.
1,235 views
Skip to first unread message
ismailctest C
Dec 14, 2022, 2:08:17 AM12/14/22
to Wazuh mailing list
Hi,
How to integrate SentinelOne EDR solution with SIEM.
Pablo Ariel Gonzalez
Dec 19, 2022, 11:13:13 PM12/19/22
to Wazuh mailing list
Good morning. I guess what you want to do is send SentinelOne events to Wazuh. If so, you could have different alternatives.
If you have any other questions, please feel free to contact us again.
Thanks,
- You could use syslog to send the events to wazuh.
- You could also store the events in an S3 bucket and then read them from there.
- You could also read a local file using a wazuh agent if that is a valid alternative for your use case.
- Another option could be to use Wazuh's external API integration to read events and then take action.
If you have any other questions, please feel free to contact us again.
Thanks,
anonymous
Jun 5, 2023, 9:33:10 AM6/5/23
to Wazuh mailing list
Could you explain more in depth how to configure syslog to send the events to wazuh from SentinelOne?
At least a rough config of how everything would look like.
At least a rough config of how everything would look like.
Reply all
Reply to author
Forward
0 new messages