Skip to content

SentinelOne

Before You Begin

  • Ensure you have an active SentinelOne account.
  • SentinelOne login credentials.
  • Access to the SentinelOne API documentation.

Steps to Generate API Key and Configure Log Forwarding

Log in to SentinelOne Console

  1. Go to the SentinelOne login page and sign in with your administrator credentials.

Create a Service User

  1. On the left blade click Settings - Users - Service Users
  2. Click Create a New Service User
  3. Give the service user a name, description and set the expiration date
  4. In the next screen choose the Scope of Access and click Next
  5. Copy the generated API token and store it securely, as it will only be visible at this stage.

Providing Information to Configure SecurIST

After generating the API key, please provide the following information to us to complete the configuration on our side:

  • API token - The API token you generated.
  • SentinelOne API URL - Your organization-specific base URL, which will depend on your account type. It will be something like organization.sentinelone.net.

Log Source Details:

  • Type of log data (e.g., security events, user activities).
  • Any specific identifiers or tags you use.

Log Data Format:

  • Format of the logs being sent (e.g., JSON).

Log Source IP Address:

  • The IP address from which the logs will be sent.

Please send the above details to our support team via an "Onboard Log source request in your SecurIST platform

Getting Help

If you encounter any issues or need assistance during this process, our support team is here to help. You can reach out to us through:

Support Portal: Submit a ticket via our support portal for detailed assistance. Documentation: Refer to our extensive documentation library for troubleshooting and additional guides.

By providing these details, we will be able to configure SecurIST to accept and process Bitdefender logs for your SIEM service.