Help
FortiSIEM Discussions
adem_netsys
Contributor

Created on ‎07-08-2024 03:10 AM

Sentinelone Parser

Hi,

 

I get logs from Sentinelone with syslog and the previously parsed logs do not parser, it hits a different parser. Fortinet has a default parser and when I examine the documentation, it should parser in CEF format. Has anyone encountered this situation?

 

265
0 Kudos
3 REPLIES 3
cdurkin_FTNT
Staff
Staff

Created on ‎07-08-2024 06:30 AM

Can you expand on this?

 

You have SentinelOne logs via syslog and after an upgrade they no longer parse?

 

What is the Event Parser that is matching these events?

Are they still in CEF format?

Is old message header vs new message header different?

246
adem_netsys
Contributor
In response to cdurkin_FTNT

Created on ‎07-10-2024 12:02 AM Edited on ‎07-10-2024 12:29 AM

Ekran görüntüsü 2024-07-10 102856.png

I can't see a CEF in the log right now. When I checked the old logs, they were also in unknown status.

230
0 Kudos
adem_netsys
Contributor

Created on ‎07-29-2024 09:41 AM

Does anyone have a parser in Json format related to SentinelOne?

144
0 Kudos
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.