NeQter Labs How to Guides


SentinelOne

Step 1:

Log in to the NeQter Appliance and go to the NeQter Settings > Inputs page.

Step 2:

Add the following inputs for SentinelOne one at a time: click the Add input button, then fill out the form with an input name of your choice, one of the IPs listed below, and SentinelOne selected as the manufacturer. At the end of this step, each input should have a unique IP from the list below.

  • 54.211.159.31
  • 54.160.219.31
  • 52.4.126.188
  • 54.211.162.22
  • 52.2.239.24

Step 3:

Log on to your SentinelOne environment and go to INTEGRATIONS > Notifications and Data Forwarding.

Step 4:

Go to the Syslog Configuration tab. Enable syslog, enter your network IP address in the Host field, and enter port 6514 after it (:6514). Change the **Information Format** to **CEF2**. Click **Save** once finished.

Step 5:

On the firewall / router, set up a Dynamic NAT rule so that port 6514 traffic from the IPs listed under Step 2 is pointed to NeQter's IP address. Keep the source IP and port the same.

Step 6:

Enable SentinelOne in NeQter by going to NeQter Settings > Dashboards and toggling the “enable” switch.

If the steps above are followed, you should see SentinelOne traffic within 24 hours at most. Please create a ticket here if further help is needed.
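
Step 5 does not name a firewall product. As an added example (not from NeQter or SentinelOne), the script below prints iptables rules for that step, limited to the five source IPs from Step 2, so they can be reviewed before being applied. It assumes a Linux gateway using iptables and syslog on port 6514 carried over TCP; `192.0.2.10` and `eth0` are placeholders for the NeQter appliance's IP and the WAN interface.

```shell
#!/bin/sh
# Added example: prints iptables rules for Step 5; it does not apply them.
# Assumptions: Linux gateway with iptables, syslog on 6514 carried over TCP.

# SentinelOne source IPs from Step 2 of this guide.
S1_SOURCES="54.211.159.31 54.160.219.31 52.4.126.188 54.211.162.22 52.2.239.24"
SYSLOG_PORT=6514

# Dotted-quad check so a typo never ends up inside a firewall rule.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS
    IFS=.
    set -- $1            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_rules <neqter_ip> <wan_interface>
# Prints one DNAT rule and one FORWARD accept rule per SentinelOne source,
# then a rule dropping any other WAN-side traffic to the appliance on 6514.
gen_rules() {
    neqter_ip=$1
    wan_if=$2
    is_ipv4 "$neqter_ip" || { echo "invalid NeQter IP: $neqter_ip" >&2; return 1; }
    [ -n "$wan_if" ] || { echo "missing WAN interface" >&2; return 1; }
    for src in $S1_SOURCES; do
        is_ipv4 "$src" || { echo "invalid source IP: $src" >&2; return 1; }
        # DNAT rewrites only the destination, so source IP and port are kept.
        echo "iptables -t nat -A PREROUTING -i $wan_if -p tcp -s $src --dport $SYSLOG_PORT -j DNAT --to-destination $neqter_ip:$SYSLOG_PORT"
        echo "iptables -A FORWARD -i $wan_if -p tcp -s $src -d $neqter_ip --dport $SYSLOG_PORT -j ACCEPT"
    done
    echo "iptables -A FORWARD -i $wan_if -p tcp -d $neqter_ip --dport $SYSLOG_PORT -j DROP"
}

# Placeholder values (constructed): replace with your appliance IP and interface.
gen_rules 192.0.2.10 eth0
```

Because the rules match on source address, port 6514 is forwarded only for the five SentinelOne IPs rather than for any host on the internet.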