SentinelOne Cloud Funnel

Configuring a SentinelOne DV (Hermes) Plugin

Click the “+ CLOUD CONNECTOR” button to open a dropdown menu with connector options. Select “SentinelOne DV.”

Contact S1 support to enable the feed

1) Submit a ticket to Support requesting a Hermes topic for the customer. Submit the ticket on behalf of the customer, as it is required for the next step. Include the following in the ticket: customer name, customer URL (and account name), and data retention (3 days is standard), which is how long data will live on the Kafka bus.

2) Support will need to send a note in the ticket/email to the customer requesting that they accept the risk of their data leaving S1. Once the prospect has replied in the ticket or via email (as part of the ticket), Support will open a backend ticket to have the work performed.

3) Support will reply to the customer with the following: instructions, CA cert, Protobuf file (they will need to compile this file to be used by their language of choice; instructions are in the KB referenced below), username for the topic, topic name, and a dead-drop link to get the password for the Kafka topic. Note: they will submit a password, but that is the one-time-use password needed to pull the actual password from the dead-drop.

Configure Fluency with provided credentials

Pass the following credentials (once you get them from S1 support) to us in the cloud_import interface to enable the feed:

API EndPoint, API Token, Kafka Server, Kafka User, Kafka Password, Kafka Group, Kafka Topic