Link
Search

image

NeQter Labs How to Guides

SentinelOne

Step 1:

Login to the NeQter Appliance and go to the NeQter Settings > Inputs page.

Step 2:

Add in the following inputs for SentinelOne, the label can be anything you prefer but all 5 inputs must match the ips listed with manufacturer being SentinelOne.

  • 54.211.159.31
  • 54.160.219.31
  • 52.4.126.188
  • 54.211.162.22
  • 52.2.239.24

Step 3:

Logon to your SentinelOne Environment and go to INTEGRATIONS > Notifications and Data Forwarding.

Step 4:

Go to the Syslog Configuration Tab, enable and change the IP to the WAN address to the address of the network your neqter is connected to (I.E the external ip of your firewall / router), make the port 6514 and change the Information Format to CEF2. Click Save once finished.

image

Step 5:

On the Firewall / Router, setup a Dynamic NAT rule to have 6514 traffic from the IPs listed under Step 2 pointed to the neqter’s ip address, keep source ip and port the same however.

Step 6:

If not already done, make sure Sentinel One under NeQter Settings > Dashboards on your neqter device is enabled.

If the steps above is followed you should see SentinelOne Traffic within 24 hours at most. Please create a ticket here if further help is needed.