SentinelOne Logs

Overview

Evidence: SentinelOne Logs
Description: Collect SentinelOne Logs
Category: Applications
Platform: windows
Short Name: sntlnls
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes

Background

SentinelOne is an advanced AI-powered EDR platform that provides autonomous endpoint protection with behavioral detection and automated response capabilities. It maintains comprehensive logs of threats, processes, and security events.

Data Collected

This collector gathers the SentinelOne log files present on the endpoint (see Collection Method below).

Collection Method

This collector gathers SentinelOne log files from the Sentinel directory in ProgramData, containing EDR events, threat detections, and autonomous response actions.
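The following PowerShell script is an added illustration of the collection step described above; it is not the product's own collector. It copies log files out of the Sentinel directory under ProgramData into a timestamped evidence folder, preserves the relative directory layout, and writes a SHA-256 manifest so the copies can be verified later. The exact path `$env:ProgramData\Sentinel`, the file-name patterns in `$Include`, and the evidence output location are assumptions made for this example; the page only states that the logs live in "the Sentinel directory in ProgramData".

```powershell
# Added example (not the product's own collector): copy SentinelOne log files from the
# Sentinel directory under ProgramData into an evidence folder and record a SHA-256
# manifest for later verification.
# Assumptions: $SourceRoot, the $Include patterns and $EvidenceRoot are this example's
# choices; the page names only "the Sentinel directory in ProgramData".
param(
    [string]$SourceRoot   = (Join-Path $env:ProgramData 'Sentinel'),
    [string]$EvidenceRoot = (Join-Path $env:TEMP 'sntlnls_evidence'),
    [string[]]$Include    = @('*.log', '*.txt', '*.json')   # assumed log file patterns
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $SourceRoot)) {
    throw "Source directory not found: $SourceRoot (is the SentinelOne agent installed?)"
}

# One folder per collection run so repeated runs never overwrite earlier evidence.
$destDir = Join-Path $EvidenceRoot ('Sentinel_' + (Get-Date -Format 'yyyyMMdd_HHmmss'))
New-Item -ItemType Directory -Path $destDir -Force | Out-Null

$manifest = New-Object System.Collections.Generic.List[object]

Get-ChildItem -LiteralPath $SourceRoot -Recurse -File -Include $Include -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_   # keep the file object; inside catch, $_ becomes the error record
        # Preserve the path relative to the Sentinel root so file context is not lost.
        $relative = $file.FullName.Substring($SourceRoot.Length).TrimStart('\')
        $target   = Join-Path $destDir $relative
        New-Item -ItemType Directory -Path (Split-Path $target -Parent) -Force | Out-Null
        try {
            Copy-Item -LiteralPath $file.FullName -Destination $target -Force
            $manifest.Add([pscustomobject]@{
                RelativePath = $relative
                SizeBytes    = $file.Length
                LastWriteUtc = $file.LastWriteTimeUtc.ToString('o')
                Sha256       = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
                Status       = 'copied'
            })
        } catch {
            # A file the agent holds open or protects is recorded as a failure,
            # not silently dropped, so the evidence gap is visible to the examiner.
            $manifest.Add([pscustomobject]@{
                RelativePath = $relative
                SizeBytes    = $file.Length
                LastWriteUtc = $file.LastWriteTimeUtc.ToString('o')
                Sha256       = ''
                Status       = "failed: $($_.Exception.Message)"
            })
        }
    }

$manifest | Export-Csv -LiteralPath (Join-Path $destDir 'manifest.csv') -NoTypeInformation
$copied = @($manifest | Where-Object { $_.Status -eq 'copied' }).Count
Write-Host ("Collected {0} of {1} file(s) into {2}" -f $copied, $manifest.Count, $destDir)
```

Run it from an elevated prompt, since the agent's data directory is normally not readable by standard users. Files the running agent has locked show up in `manifest.csv` with a `failed:` status rather than disappearing, which is the behaviour an examiner wants: a documented gap is far easier to account for later than a quietly incomplete copy.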

Forensic Value

SentinelOne logs are critical for EDR investigations, providing AI-detected threats, behavioral analysis, process execution chains, and automated remediation actions. They offer detailed visibility into advanced attacks and zero-day threats.
