Integrating SentinelOne Singularity Data Lake with ConcealBrowse Integrating SentinelOne Singularity Data Lake with ConcealBrowse

Integrating SentinelOne Singularity Data Lake with ConcealBrowse

Description

If you're using SentinelOne Singularity Data Lake (formerly Skylight), you have the option to integrate that with ConcealBrowse. This allows metrics and data collected by Conceal to be seamlessly transferred into SentinelOne. This article will guide you through setting up the integration with ConcealBrowse.

Procedure

Prerequisite, your SentinelOne Package must include Extended Detection and Response (XDR)

SentinelOne Singularity Data Lake

Determine the XDR URL for your tenant based on region:

  • USA - https://xdr.us1.sentinelone.net
  • Canada - https://xdr.ca1.sentinelone.net
  • EMEA - https://xdr.eu1.sentinelone.net
  • India - https://xdr.ap1.sentinelone.net or https://xdr.aps1.sentinelone.net
  • Australia - https://xdr.apse2.sentinelone.net

Set up your API Key based on your user interface preferences

Singularity Operations Center Interface Steps

  1. Click Policy & Settings
  2. Click API Keys in the Singularity Data Lake section
  3. Next to Log Access Keys, click +Add Key, choose Add Write Key
  4. Hover over the new key, and click the icon for Copy to clipboard
  5. Store the XDR URL and API Key for the next steps

Former Interface Steps

  1. In the SentinelOne management console, on the lefthand menu, click Visibility
  2. Click your username at the top right, and choose API Keys
  3. Next to Log Access Keys, click +Add Key, choose Add Write Key
  4. Hover over the new key, and click the icon for Copy to clipboard
  5. Store the XDR URL and API Key for the next steps

Conceal Dashboard

  1. Navigate to the Conceal dashboard at https://dashboard.conceal.io/ and login if necessary.
  2. Click on the section labeled Integrations on the left hand menu. Choose the MDR/XDR/EDR tab.
  3. Locate the SentinelOne Singularity tile and click the button labeled Configure.
  4. Provide your SentinelOne Management URL
    - Example: https://xdr.us1.sentinelone.net (Do NOT include any paths, just the base URL, remove any trailing characters such as forward slashes)
  5. Provide the API key you generated and saved from the SentinelOne Management console
  6. Click the Enabled checkbox and Save Settings
  7. Click Test Configuration to send a sample event from the Conceal dashboard.

Screenshot 2024-01-10 at 1.27.53 PM.png

*Never hesitate to contact your Customer Success Manager for any questions or concerns. You may also open a support ticket at support.conceal.io by scrolling to the bottom and clicking Submit a request.