Hi Arunkumar,
Integrating Sentinel can be a little confusing as there exist three ways. The one you attached relies on a new protocol type that should be installed when you install the extension mentioned in your document. Maybe it will be available after the deploy. If this is not the case, you could also download it from IBM Fix Central and install it manually (see https://www.ibm.com/support/pages/qradar-using-yum-manually-install-reinstall-or-search-rpm-packages). What John mentioned is another way of integrating it without an additional log source type, using the universal one.
Have a great day!
Martin
------------------------------
Martin Schmitt
Senior Cyber Defense Consultant
SECUINFRA
Berlin
------------------------------
Original Message:
Sent: Fri March 15, 2024 07:18 AM
From: Arunkumar R
Subject: SentinelOne Connector App Integration
Hi,
To configure the SentinelOne EDR via the SentinelOne connector app, I tried to add the log source as per the document. But there is no protocol type in QRadar for the log source type SentinelOne API.
Any option to complete the integration?
Thanks
------------------------------
Arunkumar R
------------------------------