SentinelOne ActiveEDR data source type specifications
When you configure SentinelOne ActiveEDR, understanding the specifications for the SentinelOne ActiveEDR data source type can help ensure a successful integration. For example, knowing what the supported version of SentinelOne ActiveEDR is before you begin can help reduce frustration during the configuration process.
The following table describes the specifications for the SentinelOne ActiveEDR data source type.
| Specification | Value |
|---|---|
| Manufacturer | SentinelOne |
| Data source type | SentinelOne ActiveEDR |
| Connector type |
Universal REST API |
| Event format | JSON |
| Recorded event types | Threats |
| Automatically discovered? | No |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | SentinelOne Active EDR (https://www.sentinelone.com/blog/active-edr-feature-spotlight/) |