Sentinel One Log File

Hi,

Is there a way to get a threat log from Sentinel One? Or an easily readable log file that lists the most recent threats? I followed the instructions from this article https://www.sonicwall.com/support/knowledge-base/how-to-run-sentinelone-offline-log-collector-to-collect-the-sentinelone-offline-logs-in-windows/220401114515240/ and ended up with a 400 MB .gz file. Uncompressed, the file is over 5 GB. Tons of information there, but I wasn't able to find what I was looking for.

Thanks.

Category: Capture Client

Best Answer

  • BWC Cybersecurity Overlord ✭✭✭

    @NTI afaik there is no easy way to gather this information. The Windows event log holds some information in the SentinelOne/Operational section which might be helpful. S1 has some tools internally for working with the logs, but they keep them secret.

    The "best" way would probably be to gather this information via API call, but I cannot tell if this is possible with CC because I am using S1 native only.

    --Michael@BWC
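
The Windows event log route mentioned in the answer above, as an added example that is not part of the original thread and is not SonicWall or SentinelOne tooling. It assumes the channel is named `SentinelOne/Operational` as the answer gives it; the look-back window and output path are constructed values, and no particular event IDs are assumed.

```powershell
# Added example: list recent events from the channel named in the answer.
# Assumption: the channel name is 'SentinelOne/Operational', as given in the answer.
$LogName = 'SentinelOne/Operational'
$Days    = 7                                                 # constructed look-back window
$OutFile = Join-Path $env:TEMP 's1-operational-events.csv'   # hypothetical output path

# Confirm the channel exists on this host before querying it.
$log = Get-WinEvent -ListLog $LogName -ErrorAction SilentlyContinue
if (-not $log) {
    Write-Warning "Event log channel '$LogName' not found on $env:COMPUTERNAME."
    return
}

# Get-WinEvent raises an error when nothing matches, so suppress it and test the count.
$filter = @{ LogName = $LogName; StartTime = (Get-Date).AddDays(-$Days) }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
if ($events.Count -eq 0) {
    Write-Warning "No events in '$LogName' in the last $Days days."
    return
}

# Summary by event ID and level, to see which IDs this agent version actually writes.
$events |
    Group-Object Id, LevelDisplayName |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# One row per event, newest first, with multi-line messages flattened for spreadsheet use.
$events |
    Sort-Object TimeCreated -Descending |
    Select-Object TimeCreated, Id, LevelDisplayName,
        @{ Name = 'Message'; Expression = { ($_.Message -replace '\s+', ' ').Trim() } } |
    Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8

Write-Host "Wrote $($events.Count) events to $OutFile"
```

If the query returns an access error, run it from an elevated PowerShell session.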

Answers

  • NTI Newbie ✭

    Thank you for the information. While I understand why S1 would want to keep some things secret, I do not understand why they wouldn't give the end user something.
