SentinelOne Logs
Overview
Evidence: SentinelOne Logs
Description: Collect SentinelOne Logs
Category: Applications
Platform: windows
Short Name: sntlnls
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
SentinelOne is an AI-powered EDR platform that provides autonomous endpoint protection with behavioral detection and automated response capabilities. It maintains comprehensive logs of threats, processes, and security events.
Data Collected
This collector gathers the SentinelOne log files themselves from the endpoint. The files are collected as-is and are not parsed by this collector (Is Parsed: No; Collect File(s): Yes).
Collection Method
This collector gathers SentinelOne log files from the Sentinel directory in ProgramData. These files contain EDR events, threat detections, and autonomous response actions.
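The following PowerShell script is an added example of the collection step described above; it is not the collector's own code. It copies the log files from the Sentinel directory under ProgramData into an evidence folder and writes a SHA-256 manifest so the copy can be verified later. The exact source path, the output directory, and the set of log file extensions are assumptions.

```powershell
# Added example, not the collector's own code. Copies SentinelOne log files from the
# Sentinel directory under ProgramData into an evidence folder and writes a SHA-256
# manifest. The exact source path and the set of file extensions are assumptions.
param(
    [string]$Source       = (Join-Path $env:ProgramData 'Sentinel'),  # assumed location
    [string]$Destination  = (Join-Path $env:TEMP 'sntlnls_evidence'), # assumed output dir
    [string[]]$Extensions = @('.log', '.txt', '.json')                # assumed log types
)

if (-not (Test-Path -LiteralPath $Source)) {
    throw "SentinelOne directory not found: $Source (run elevated; the path is an assumption)"
}
New-Item -ItemType Directory -Path $Destination -Force | Out-Null

$manifest = foreach ($file in Get-ChildItem -LiteralPath $Source -Recurse -File -ErrorAction SilentlyContinue |
                     Where-Object { $Extensions -contains $_.Extension.ToLower() }) {
    # Keep the directory layout relative to $Source so provenance stays obvious later.
    $relative = $file.FullName.Substring($Source.TrimEnd('\').Length).TrimStart('\')
    $target   = Join-Path $Destination $relative
    New-Item -ItemType Directory -Path (Split-Path $target -Parent) -Force | Out-Null

    $record = [ordered]@{
        RelativePath = $relative
        SizeBytes    = $file.Length
        LastWriteUtc = $file.LastWriteTimeUtc.ToString('o')
        SourceSha256 = $null
        CopySha256   = $null
        Status       = 'ok'
    }
    try {
        # Hash before and after the copy so the manifest proves the copy is byte-identical.
        $record.SourceSha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        Copy-Item -LiteralPath $file.FullName -Destination $target -Force
        $record.CopySha256   = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
        if ($record.CopySha256 -ne $record.SourceSha256) { $record.Status = 'hash mismatch' }
    } catch {
        # The agent may hold a log open or tamper protection may deny access; record that
        # in the manifest rather than silently dropping the file from the evidence set.
        $record.Status = "error: $($_.Exception.Message)"
    }
    [pscustomobject]$record
}

$manifest | Export-Csv -LiteralPath (Join-Path $Destination 'manifest.csv') -NoTypeInformation
$manifest | Format-Table RelativePath, SizeBytes, Status -AutoSize
```

Files that could not be read appear in manifest.csv with an error status, which is the usual sign that the agent or its tamper protection is holding them; those entries tell the examiner what is missing from the evidence set.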
Forensic Value
SentinelOne logs are critical for EDR investigations, providing AI-detected threats, behavioral analysis, process execution chains, and automated remediation actions. They offer detailed visibility into advanced attacks and zero-day threats.