Comments

  • Brad Holton

    Sounds like marketing and engineering are not talking...

    https://www.sentinelone.com/press/sentinelone-partners-with-sumo-logic/
    Sumo Logic now integrates directly into the SentinelOne platform in order to provide continuous security intelligence. Through the partnership, Sumo Logic customers will be able to leverage SentinelOne’s next-generation endpoint protection directly through the Sumo Logic platform to prevent, detect, and undo known and unknown threats in real time.

  • Duc Ha

    Hi Brad, 

    If you are asking about sending logs into Sumo Logic, then: 

    From Sumo side:

    0. Create a Sumo Logic cloud syslog according to: https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Cloud-Syslog-Source

    Note the SIEM token, host and TLS port.

    Then on SentinelOne side:

    1. From the SentinelOne Management Console, click Settings and open the INTEGRATIONS tab
    2. Click the SYSLOG subtab
    3. In the Host and port field, specify the Sumo host and port from step 0.
    4. For the Threat information format option, select CEF2.
    5. In the SIEM token field, put in the Sumo SIEM token.

    You can use Live Tail (https://help.sumologic.com/05Search/Live-Tail/About-Live-Tail) on the Sumo cloud syslog to test. 

  • Tony Santos

    Duc,

    I've done this but where do I get a server certificate?

    I tried downloading the cert from the SentinelOne dashboard but that gives me an SSL error.

  • Tony Santos

    Duc,

    I've followed these steps, but what do I put in for certificate on the SentinelOne side? It says Missing SSL server certificate.

    I tried downloading the certificate from the SentinelOne dashboard website and using that, but it says SSL error when I test.

  • Duc Ha

    Sorry, didn't see this question until now. You need Sumo's DigiCert, as documented in our doc above, section "Setup TLS".
