Sentinel One Log File
Is there a way to get a threat log from Sentinel One? Or an easily readable log file that lists the most recent threats? I followed the instructions from this article https://www.sonicwall.com/support/knowledge-base/how-to-run-sentinelone-offline-log-collector-to-collect-the-sentinelone-offline-logs-in-windows/220401114515240/ and ended up with a 400 MB .gz file. Uncompressed, the file is over 5 GB. Tons of information there, but I wasn't able to find what I was looking for.
BWC Cybersecurity Overlord ✭✭✭
@NTI AFAIK there is no easy way to gather this information. The Windows event log holds some information in the SentinelOne/Operational section, which might be helpful. S1 has some tools internally for working with the logs, but they keep them secret.
The "best" way would probably be to gather this information via API call, but I cannot tell if this is possible with CC because I'm using S1 native only.
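As an added example (not code from the thread or from SentinelOne), here is one way to pull the event-log entries the reply above points to and narrow them to threat-related messages. It assumes the channel is registered as `SentinelOne/Operational` and uses a constructed keyword list, since the thread does not give the real event IDs; the script checks the channel exists and lists any `*Sentinel*` channels if it does not.

```powershell
# Added example, not from the thread. Pulls recent entries from the Windows
# event log channel mentioned in the reply and writes threat-related ones to CSV.
# Assumptions: the channel name is "SentinelOne/Operational" (verify with
# Get-WinEvent -ListLog), and the keyword list below is a constructed guess of
# terms found in threat messages; adjust it to what your log actually shows.
param(
    [int]$Days = 7,
    [string]$Channel = 'SentinelOne/Operational',
    [string]$OutFile = "$env:USERPROFILE\Desktop\s1-events.csv"
)

# Confirm the channel exists before querying; Get-WinEvent throws otherwise.
$log = Get-WinEvent -ListLog $Channel -ErrorAction SilentlyContinue
if (-not $log) {
    Write-Warning "Channel '$Channel' not found. Channels matching *Sentinel*:"
    Get-WinEvent -ListLog '*Sentinel*' -ErrorAction SilentlyContinue |
        Select-Object LogName, RecordCount
    return
}

# Filter by time inside the hashtable; far cheaper than piping every record
# through Where-Object on a large operational log.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = $Channel
    StartTime = (Get-Date).AddDays(-$Days)
} -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Host "No events in '$Channel' in the last $Days day(s)."
    return
}

# Constructed keyword list (the thread does not give the real event IDs).
$keywords = 'threat', 'malicious', 'quarantin', 'mitigat', 'detect'
$pattern  = ($keywords | ForEach-Object { [regex]::Escape($_) }) -join '|'

$hits = $events | Where-Object { $_.Message -match $pattern } |
    Select-Object TimeCreated, Id, LevelDisplayName,
        @{ Name = 'Message'; Expression = { ($_.Message -replace '\s+', ' ').Trim() } }

# Summary by event ID shows which IDs carry the threat messages, so the keyword
# filter can later be replaced by an ID filter; full hit list goes to CSV.
$hits | Group-Object Id | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

$hits | Sort-Object TimeCreated -Descending |
    Export-Csv -Path $OutFile -NoTypeInformation
Write-Host "$($hits.Count) matching event(s) written to $OutFile"
```

Once the ID summary shows which event IDs carry detections, replace the keyword match with an `ID = @(...)` entry in the filter hashtable for a faster and more reliable query.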
Thank you for the information. While I understand why S1 would want to keep some things secret I do not understand why they wouldn't give the end user something.