Supported OS
SentinelOne is an Endpoint Detection and Response (EDR) solution used to discover, protect against, and respond to endpoint threats. SentinelOne Singularity Endpoint uses static and behavioral detections to identify and contain both known and unknown threats across the enterprise. It is compatible with Windows, macOS, and Linux operating systems.
Use this integration to collect activity logs, alerts, and threats directly from the SentinelOne Management API. Combining SentinelOne and Datadog Cloud SIEM gives you full visibility across your cloud infrastructure and your endpoints. The out-of-the-box detection rule shows your SentinelOne built-in alerts and any custom threats alongside the rest of your Cloud SIEM signals, for a single-pane-of-glass view across all your systems.
You may also configure SentinelOne Cloud Funnel to forward SentinelOne raw telemetry from an Amazon S3 bucket to Datadog. Customers with Cloud SIEM may use this EDR telemetry data for long-term storage, custom detections, investigations, and reporting.
All collected log data is parsed and normalized for easy searching and dashboarding.
SentinelOne customers can collect alerts, threats, and activity logs as well as Cloud Funnel telemetry. Follow the instructions below to set up your data collection:
Note: Log in to your SentinelOne Customer Portal account to access SentinelOne’s documentation.
Create and configure an Amazon S3 bucket. For instructions, follow How to Configure Your Amazon S3 Bucket in SentinelOne’s documentation.
Set up Cloud Funnel streaming in your SentinelOne Management Console. For instructions, follow How to Enable Cloud Funnel Streaming in SentinelOne’s documentation.
On the Cloud Funnel configuration page, use the following values:
In S3, verify that your Cloud Funnel logs are going to your S3 bucket.
Deploy the Datadog Forwarder CloudFormation stack by clicking Launch Stack on the Datadog Forwarder > CloudFormation page.
Set the following parameters:
- DdApiKey: your Datadog API key
- DdSite: your Datadog site
- DdTags: source:sentinelone,service:sentinelone,endpoint:EDR_Telemetry
In the AWS console, open your Datadog Forwarder Lambda function. Go to the Triggers tab and select Add trigger.
In the AWS console, check your Lambda function’s Monitor tab for errors.
In Datadog’s Log Explorer, look for your SentinelOne S3 logs.
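The two verification steps above (confirming that Cloud Funnel objects are still landing in the bucket, and checking the Forwarder Lambda for errors) can be scripted so they run on a schedule rather than being eyeballed in the console. The following Python is an added example and not part of the Datadog integration or SentinelOne; the bucket name, key prefix, function name, and sample API responses are constructed placeholders, and the health logic works on the plain dictionaries that boto3's `list_objects_v2` and `get_metric_statistics` return, so it can be exercised offline:

```python
"""Scripted health check for a SentinelOne Cloud Funnel -> S3 -> Datadog Forwarder pipeline.

Added example (not Datadog's or SentinelOne's code). The pure functions operate on
the response dictionaries boto3 returns; live_check() wires them to real AWS calls.
"""
from datetime import datetime, timedelta, timezone


def newest_object_age(list_objects_response, now=None):
    """Return the timedelta since the most recently modified object in an
    S3 list_objects_v2 response, or None if the listing is empty.

    list_objects_v2 returns at most 1000 keys ordered by key, not by time,
    so callers should pass a Prefix that narrows the listing (e.g. today's date
    partition) rather than scanning the whole bucket.
    """
    contents = list_objects_response.get("Contents") or []
    if not contents:
        return None
    now = now or datetime.now(timezone.utc)
    newest = max(obj["LastModified"] for obj in contents)  # tz-aware datetimes from boto3
    return now - newest


def delivery_is_current(list_objects_response, max_age_minutes=30, now=None):
    """True if at least one object arrived within the last max_age_minutes.

    An empty listing counts as unhealthy: Cloud Funnel streaming that silently
    stops is exactly the failure this check is meant to surface.
    """
    age = newest_object_age(list_objects_response, now)
    return age is not None and age <= timedelta(minutes=max_age_minutes)


def forwarder_error_count(metric_datapoints):
    """Sum the 'Errors' datapoints from a CloudWatch get_metric_statistics call
    for the Forwarder Lambda (the same number shown on the function's Monitor tab)."""
    return int(sum(dp.get("Sum", 0) for dp in metric_datapoints))


# --- Constructed sample responses (not real bucket contents or metrics) ---
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)

SAMPLE_LIST_OBJECTS = {
    "Contents": [
        {"Key": "cloud-funnel/2024/01/01/part-0001.gz", "LastModified": NOW - timedelta(hours=3)},
        {"Key": "cloud-funnel/2024/01/01/part-0002.gz", "LastModified": NOW - timedelta(minutes=5)},
    ]
}

SAMPLE_ERROR_DATAPOINTS = [
    {"Timestamp": NOW - timedelta(minutes=10), "Sum": 0.0, "Unit": "Count"},
    {"Timestamp": NOW - timedelta(minutes=5), "Sum": 2.0, "Unit": "Count"},
]


def live_check(bucket, prefix, function_name, lookback_minutes=60):
    """Run both checks against real AWS APIs. Requires boto3 and credentials that
    can read the bucket listing and CloudWatch metrics (read-only is sufficient).
    Returns (delivery_ok, forwarder_errors)."""
    import boto3  # assumed installed; only needed for the live path

    now = datetime.now(timezone.utc)
    s3 = boto3.client("s3")
    listing = s3.list_objects_v2(Bucket=bucket, Prefix=prefix)

    cloudwatch = boto3.client("cloudwatch")
    metrics = cloudwatch.get_metric_statistics(
        Namespace="AWS/Lambda",
        MetricName="Errors",
        Dimensions=[{"Name": "FunctionName", "Value": function_name}],
        StartTime=now - timedelta(minutes=lookback_minutes),
        EndTime=now,
        Period=300,
        Statistics=["Sum"],
    )
    return delivery_is_current(listing, now=now), forwarder_error_count(metrics["Datapoints"])


if __name__ == "__main__":
    # Placeholder names; replace with your bucket, Cloud Funnel prefix, and Forwarder function.
    ok, errors = live_check("YOUR-CLOUD-FUNNEL-BUCKET", "cloud-funnel/", "datadog-forwarder")
    print(f"recent delivery: {ok}; forwarder errors in window: {errors}")
```

A non-zero error count with healthy delivery usually points at the Forwarder itself (for example a wrong DdApiKey or DdSite), while healthy Lambda metrics with stale delivery point back at the Cloud Funnel or bucket configuration.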
SentinelOne does not include any metrics.
Logs originate from the following sources:
The SentinelOne integration does not include any events.
Need help? Contact Datadog support.