SentinelOne offers security solutions for endpoints (EDR), cloud environments, and identities. It detects threats and malicious behavior across multiple vectors and automatically responds to remediate cyber threats in real-time.
SentinelOne logs provide critical insights into your organization’s security, including endpoint activities, detected threats, and user and admin actions. Monitor your logs in the Coralogix platform to identify patterns, investigate threats and abnormal actions, and understand the context of potential security breaches.
You must have the following SentinelOne admin permissions:
View
View/Create
To deploy the SentinelOne integration package, you must create a new service user in SentinelOne with the roles described below and create an API token to be used for authentication with Coralogix.
Follow these steps:
STEP 1. Navigate to Settings > Users > Roles
STEP 2. Select Actions > New Role
STEP 3. Create a new role with these permissions: Endpoint Threats: View, Activity: View
STEP 4. Navigate to Settings > Users > Service Users
STEP 5. Select Actions > Create New Service User
STEP 6. Create a new service user, selecting the desired scope and the role defined above.
STEP 7. Copy the API token displayed once the service user is created.
Notes:
To configure this integration, users must have all of the following Coralogix permissions:
| Resource | Action | Description | Explanation |
|---|---|---|---|
| integrations | ReadConfig | View Deployed Integrations | View deployed integration packages. |
| integrations | Manage | Manage Integrations | Deploy, undeploy, and update integrations. |
Find out more about roles and permissions here.
STEP 1. From your Coralogix toolbar, navigate to Data Flow > Integrations. Select SentinelOne. Click Connect.
STEP 2. Click Add New.
STEP 3. Define the integration settings:
STEP 4. Click Complete.
Need help?
Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.
Feel free to reach out to us via our in-app chat or by emailing support@coralogix.com.