SentinelOne

The SentinelOne Source works by polling your activity logs every 60 seconds.

Currently the SentinelOne source only supports retrieving items from the /activities api endpoint.

Create the source in the RunReveal sources dashboard.

RunReveal will backfill your source from the past 365 days of events that SentinelOne provides.

Once added logs should begin populating within a minute. It may take some time for the backfill operation to complete before logs are up to date.