To integrate SentinelOne, do the following procedures:
- To configure Syslog forwarding from SentinelOne EPP
- To find your SentinelOne Site token
- To set up Barracuda XDR Dashboard
To configure Syslog forwarding from SentinelOne EPP
In address bar of a browser, enter the SentinelOne Management Console URL provided by the SentinelOne support team (For example,
https://<DomainName>.sentinelone.net/dashboard
, where<DomainName>
is the domain name of your SentinelOne account).Log in to the SentinelOne Management Console as an Administrator.
If you are a Site or Account Admin, you must select a Site to open Settings.
Click Settings.
Click Notifications.
In the Syslog column, ensure all Syslog settings are selected. (See the sample screenshot below.)
- In the SentinelOne Management Console, click Settings > Integrations > Syslog. Ensure Formatting is set to CEF2.
In Your syslog host, enter the following:
US:
sentinel-us-ingest.skout-build.com
EU:
sentinel-eu-ingest.skout-build.com
In the textbox, after the ":", type
6514
.Check the Use TLS Secure Connection box.
Click Test.
Click Save.
To find your SentinelOne site ID
- In a web browser, navigate to
https://<DomainName>.sentinelone.net/dashboard
, where<DomainName>
is the domain name of your SentinelOne account. - In the left navigation bar, click Sentinels.
- Click the name of the site.
- Scroll to the right and click Site Info.
- Copy the site ID to use in the To set up Barracuda XDR Dashboard procedure, below.
To set up Barracuda XDR Dashboard
- In Barracuda XDR Dashboard, click Administration > Integrations
- On the SentinelOne card, click Setup.
- Select Enabled.
- In the Site Id field, paste the Site ID you copied in the previous procedure.
- Click Save.