Implementing SentinelOne Filebeat #9703
I am fairly new to SO and am currently on version 2.3.200. I would like to install the SentinelOne filebeat but am unsure as to where I should begin? I have been unable to find any documentation that shows what needs to be added to the salt states file like some of the other modules show. Is there a more manual process I must use in order to implement? If so, would someone be so kind to point me to it? If I am successful, I will certainly update this post with what I have learned. I appreciate the help!
Replies: 1 comment 1 reply
I don't see a SentinelOne module on the list of supported Filebeat modules: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-modules.html

Are you referring to the Elastic Agent integration? (https://docs.elastic.co/integrations/sentinel_one) Security Onion 2.3 does not support Elastic Agent, but that is coming in 2.4.