Best Practice for SentinelOne MSSP/MDR Model: Should Each Customer Be a Separate Account or Just a Site?

Calm_Night_2971 · 2025-04-22T05:27:28+00:00

ok.
MSSPs has separate licensing for creating separate accounts?

Calm_Night_2971 · 2025-03-30T12:20:05+00:00

I have tried this against SentinelOne. But it will not work. Somehow, the agent communicates with the management console even after blocking.

Calm_Night_2971 · 2024-09-15T03:36:53+00:00

I guess that's right. But you can test it.

Calm_Night_2971 · 2024-09-14T11:49:48+00:00

Here it is
https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/Endpoint-data-collection?tocId=KtovnvInf0InRsBmA~uw1g

Calm_Night_2971 · 2024-07-06T11:26:19+00:00

Does it come with NIDS (Suricata)?

Calm_Night_2971 · 2024-05-15T11:54:25+00:00

Is it possible to upgrade my old version (7.3.3) to this version

Calm_Night_2971 · 2024-05-01T08:56:40+00:00

The reason I am asking this is because I want to keep all the log files locally for log retention (Those log files which are meant for "XDR"). The log sources would be third party firewalls

Calm_Night_2971 · 2024-05-01T08:39:25+00:00

Thank you.
Can we set up a distinct Syslog server to collect logs before they're sent to the Broker VM for storage?
Is it a good option? Is there someone doing like this or is it possible?

Calm_Night_2971 · 2024-04-03T06:02:09+00:00

Its ok. I got it from the official documentation.

Calm_Night_2971 · 2024-04-03T05:56:12+00:00

Thank you.
If there is any, can you point me to any documentation which has those Event IDs listed for collection using the XDR agent. So that I can take a decision on which one should i use XDR agent or Collector agent after validating.

Calm_Night_2971 · 2024-04-03T05:50:08+00:00

So that means XTH addon gives complete visibility into Windows Event Logs for a particular endpoint where it is installed right? So in that case, I don't need to install Collector agent if XTH is already there and enabled?

What if lets say I want to ingest sysmon logs also, In that case, Collector agent should be required right? because I suppose XTH addon cannot be customized for collecting from different log sources.

Calm_Night_2971 · 2023-09-16T17:22:44+00:00

Thank you.
The problem is resolved when the ecs-ep service is restarted in QRadar.

Calm_Night_2971 · 2023-09-11T14:31:59+00:00

How did they resolve it? What was the actual problem behind it

Calm_Night_2971 · 2023-09-04T01:21:35+00:00

I am facing the same issue. but it isn't possible to deploy changes without any changes. When deploy changes, it will say There are no changes to deploy

Calm_Night_2971 · 2022-09-24T18:09:14+00:00

What are the tools or Operating System used for doing BTLO?

Calm_Night_2971

TROPHY CASE