Overview
With BrightGauge’s integration to SentinelOne, you can visualize information related to threats detected and agents by SentinelOne within BrightGauge, and display that information on your dashboards.
SentinelOne Integration Setup
- Navigate to the DATA dropdown.
- Select Datasources.
- Click Add a New Datasource.
- Navigate to the Security tab and select SentinelOne.
- Enter the email address associated with your account in the Name field.
- Enter the subdomain (URL) for your SentinelOne instance in the Subdomain field. Please be sure to exclude the "/" character at the end of your URL. Leaving it would cause both the data source to break and/or dataset authentication errors.
- Enter the SentinelOne API Token.
- To locate the API token, navigate to SentinelOne.
- Select My User.
- Click Options.
- Select Generate API Token. If this is not the first time you have done this it will say Regenerate API Token.
- Click Test Connection.
- Click Save.
Default Datasets
To locate your datasets, navigate to DATA > Datasets.
- SentinelOne Agents Mod
- SentinelOne Threat Info Mod.
SentinelOne Gauges and Dashboards
Once setup is complete you will have access to a list of new gauges displaying information from SentinelOne.
SentinelOne - Threats
SentinelOne - Agents
Comments
0 comments