Help
FortiSIEM Discussions
adem_netsys
Contributor

Created on ‎01-30-2024 05:45 AM

SIEM: SentinelOne Parser

Hi guys,

 

Anyone has sentinelone parser? It hits NGParser in default and so I can't do any new development.

 

Thanks

304
0 Kudos
4 REPLIES 4
FSM_FTNT
Staff
Staff

Created on ‎01-31-2024 05:45 AM

SentinelOne is supported https://docs.fortinet.com/document/fortisiem/7.1.3/external-systems-configuration-guide/780558/senti...

 

Can you provide a sample event so that I can check?

Change/obfuscate any sensitive values before posting.

283
0 Kudos
adem_netsys
Contributor
In response to FSM_FTNT

Created on ‎01-31-2024 08:20 AM

Hi @FSM_FTNT 

 

We get logs with the help of api, so it does not come in CEF format.

274
0 Kudos
FSM_FTNT
Staff
Staff

Created on ‎02-02-2024 10:36 AM

How have you integrated with their API, through the generic HTTP API Poller?

 

https://docs.fortinet.com/document/fortisiem/7.1.3/external-systems-configuration-guide/412973/gener...

266
0 Kudos
adem_netsys
Contributor
In response to FSM_FTNT

Created on ‎02-03-2024 02:27 AM

Yes, i did this way.

256
0 Kudos
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.