Deployment Guide
Date Published: 9/3/2021
Securonix Proprietary Statement
This material constitutes proprietary and trade secret information of Securonix, and shall not be disclosed to any third party, nor used by the recipient except under the terms and conditions prescribed by Securonix.

The trademarks, service marks, and logos of Securonix and others used herein are the property of Securonix or their respective owners.

This material is also protected by Federal Copyright Law and is not to be copied or reproduced in any form, using any medium, without the prior written authorization of Securonix.

However, Securonix allows the printing of the Adobe Acrobat PDF files for the purposes of client training and reference.

Information in this document is subject to change without notice. The software described in this document is furnished under a license agreement or nondisclosure agreement. The software may be used or copied only in accordance with the terms of those agreements. Nothing herein should be construed as constituting an additional warranty. Securonix shall not be liable for technical or editorial errors or omissions contained herein. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or any means electronic or mechanical, including photocopying and recording for any purpose other than the purchaser's internal use without the written permission of Securonix.
Contact Information
Securonix
5080 Spectrum Drive, Suite 950W
Addison, TX 75001
(855) 732-6649
Introduction
About SentinelOne
Supported Collection Method
Format
Functionality
SentinelOne Configuration
Configuration in SNYPR
Verify the Job
Introduction
This Deployment Guide provides information on how to configure SentinelOne to send Audit data to SNYPR.
About SentinelOne
SentinelOne provides endpoint security software that defends every endpoint against every type of attack, at every stage in the threat lifecycle.
Format
The format is JSON.
Functionality
In SNYPR, resource groups (datasources) are categorized by functionality. The functionality determines what content is available when you import the datasource. For more information about Device Categorization, see the Data Dictionary.
SentinelOne Configuration
Complete the following steps to configure SentinelOne to generate the tokens required to collect Audit events in SNYPR.
3.
Note: The host URL information will be similar to the following: https://usa-partners.sentinelone.net/
5. Select your admin user account and click Generate API token.
Configuration in SNYPR
To configure SentinelOne in SNYPR, complete the following steps:
1. Login to SNYPR.
2. Navigate to Menu > Add Data > Activity.
3. Click + and select Add Data for Existing Device Type.
4. Click the Vendor drop-down and select the following information:
- Vendors: SentinelOne
- Device Type: SentinelOne - Activities
- Collection Method: sentinelone
- Datasource Name
- Specify the timezone for activity logs by clicking the drop-down and selecting a timezone.
a. Enter the URL copied from step 2 of the SentinelOne Configuration section in the Base URL column.
b. Provide the token captured under step 6 of the section above in the API Token column.
9. Click Get Preview on the top right of the screen to view the data.
10. Click Save & Next until you reach the Identity Attribution page.
11. Click + > Add New Correlation Rule.
- User Attribute
- Operation
- Parameter
- Condition
- Separator
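Before entering the Base URL and API token in SNYPR, it helps to confirm that the pair actually returns Activity events. The script below is an added example, not code from the Securonix guide or from SNYPR, that pulls Activity JSON using only those two inputs. It assumes (the page does not state these) the SentinelOne Management API v2.1 path /web/api/v2.1/activities, the "Authorization: ApiToken <token>" header, and cursor-based pagination via "pagination.nextCursor"; the transport is a constructed offline stand-in so it runs without network access.

```python
"""Added example: pull SentinelOne Activity events with the same Base URL and
API token that SNYPR asks for. Endpoint path, auth header name and cursor
pagination are assumptions about the SentinelOne API, not taken from the guide."""
import json
from typing import Callable, Dict, List, Optional
from urllib.parse import urlencode

ACTIVITIES_PATH = "/web/api/v2.1/activities"  # assumed endpoint


def build_request(base_url: str, token: str, cursor: Optional[str] = None,
                  limit: int = 100) -> Dict[str, object]:
    """Compose one page request. The token travels in a header, never in the
    query string, so it does not end up in proxy or web-server access logs."""
    if not base_url.startswith("https://"):
        raise ValueError("Base URL must use https")
    params: Dict[str, object] = {"limit": limit}
    if cursor:
        params["cursor"] = cursor
    url = base_url.rstrip("/") + ACTIVITIES_PATH + "?" + urlencode(params)
    return {"url": url, "headers": {"Authorization": f"ApiToken {token}"}}


def pull_activities(base_url: str, token: str,
                    http_get: Callable[[str, Dict[str, str]], str],
                    limit: int = 100) -> List[dict]:
    """Follow nextCursor until the API stops returning one; return all events."""
    events: List[dict] = []
    cursor: Optional[str] = None
    while True:
        req = build_request(base_url, token, cursor, limit)
        body = json.loads(http_get(req["url"], req["headers"]))
        events.extend(body.get("data", []))
        cursor = (body.get("pagination") or {}).get("nextCursor")
        if not cursor:
            return events


# Constructed stand-in for the network: two pages of fake activity records.
_FAKE_PAGES = {
    None: {"data": [{"id": "1", "activityType": 27}],
           "pagination": {"nextCursor": "c2"}},
    "c2": {"data": [{"id": "2", "activityType": 19}],
           "pagination": {"nextCursor": None}},
}


def fake_http_get(url: str, headers: Dict[str, str]) -> str:
    """Offline transport: checks the auth header, serves the page for the cursor."""
    if not headers.get("Authorization", "").startswith("ApiToken "):
        raise PermissionError("missing ApiToken header")
    cursor = url.split("cursor=")[1].split("&")[0] if "cursor=" in url else None
    return json.dumps(_FAKE_PAGES[cursor])
```

Run `pull_activities("https://usa-partners.sentinelone.net/", "<API_TOKEN>", fake_http_get)` to walk both constructed pages; swapping `fake_http_get` for a real HTTPS GET turns it into a live check of the token before SNYPR's Get Preview step.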