Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

Device Configuration: Export Logs from SentinelOne EDR to aiSIEM

Pre-requisites

Before you begin, you’ll need:

  • SentinelOne Installed

  • Seceon CCE Installed

  • Root access

Install the SentinelOne certificate on your CCE server (advised to be done with Seceon's assistance)

Follow the instructions at:

https://seceon.atlassian.net/wiki/spaces/~557058cf2fd0496c744606bdf6f01734be3904/pages/2040004911

Configure SentinelOne to send logs to aiSIEM (CCE component)

Open the SentinelOne Admin Console and configure SentinelOne to send logs to your CCE server.

  1. Select your site.

  2. In the left side menu, click the slider icon [⊶] to open the Settings menu.

  3. Open the INTEGRATIONS tab, and fill in the details:

    1. Under Types, select SYSLOG.

    2. Toggle the button to enable SYSLOG.

    3. Host - Enter your CCE server IP address and port.

    4. TLS - Enable TLS.

    5. Formatting - Select CEF2.

    6. Save your changes.

Configure SentinelOne to send notifications

In the same screen, open the NOTIFICATIONS tab, and fill in the details:

Under Notification Types, check all options under Syslog notifications.

We recommend enabling all Syslog notification options, although this is optional.

Allow some time for the logs to travel from your system to ours, then check aiSIEM to verify that they are being received.
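To confirm that CEF events are actually arriving and parse cleanly, here is an added Python example (not Seceon's or SentinelOne's code) that strips the syslog prefix from a received line and parses the CEF header and extension, honouring the format's escaped pipe, equals and backslash characters. The sample line and its extension keys are constructed for illustration; confirm the exact CEF2 field set against what your CCE receives.

```python
import re

# Constructed sample of one syslog line carrying a CEF event (illustration only;
# the extension keys are assumed, not taken from SentinelOne's CEF2 documentation).
SAMPLE_LINE = (
    r"<14>Jun 12 10:15:02 s1-mgmt.example CEF:0|SentinelOne|Mgmt|1.0|20|Threat detected|High|"
    r"rt=1718187302000 shost=WS-042 suser=jdoe fname=bad\=name.exe "
    r"msg=Path C:\\Temp\\file.exe quarantined"
)

HEADER_FIELDS = ("version", "vendor", "product", "dev_version", "sig_id", "name", "severity")
# key=value pairs; values may contain spaces and backslash-escaped characters
EXT_PAIR = re.compile(r"([^\s=\\]+)=((?:\\.|[^\\=])*?)(?=\s+[^\s=\\]+=|\s*$)")


def _unescape(value):
    """Undo CEF escaping (backslash before pipe, equals, backslash, n or r)."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def _split_header(cef_body):
    """Split the 7 pipe-delimited header fields (escaped pipes kept); return (fields, extension)."""
    fields, cur, i = [], [], 0
    while i < len(cef_body) and len(fields) < len(HEADER_FIELDS):
        ch = cef_body[i]
        if ch == "\\" and i + 1 < len(cef_body):  # escaped character: keep it literally
            cur.append(cef_body[i + 1])
            i += 2
        elif ch == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    return fields, cef_body[i:]


def parse_cef(line):
    """Parse one syslog line into header fields plus an 'ext' dict; None if it is not CEF."""
    start = line.find("CEF:")
    if start < 0:
        return None
    fields, ext = _split_header(line[start + len("CEF:"):])
    if len(fields) != len(HEADER_FIELDS):
        return None
    event = dict(zip(HEADER_FIELDS, fields))
    event["ext"] = {k: _unescape(v) for k, v in EXT_PAIR.findall(ext)}
    return event


def looks_like_sentinelone(event):
    """Reception check: a parsed event whose vendor header names SentinelOne."""
    return bool(event) and event["vendor"].lower() == "sentinelone"
```

Run it over a few lines captured on the CCE listener; a line that returns None or fails the vendor check was not delivered in the expected CEF form.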


Seceon Inc. All rights reserved. https://www.seceon.com