SentinelOne Translations

Assets/Endpoints

SentinelOne	OCSF 1.10 fileactivity.Product	Example
agentVersion	metadata.version	23.4.2.13
	metadata.product.name	SentinelOne
	metadata.product.vendor_name	SentinelOne
computerName	device.hostname	machine_name
externalIp	device.ip	20.132.211.244
uuid	device.id	b626e5fa-bfcf-253f-187a-f9e7dc1515ab
domain	device.domain	44se5ooewnxykf.tx.internal.cloudapp.net
lastActiveDate	device.last_time_seen	2024-12-12
id	device.id	1891593526968377743
coreCount	device.hw_info.cpu_cores	2
cpuCount	device.hw_info.cpu_count	1
cpuId	device.hw_info.cpu	AMD EPYC 7763 64-Core Processor
networkInterfaces.hostname	device.network_interfaces.hostname	eth0
networkInterfaces.inet	device.network_interfaces.ip	10.1.0.5
networkInterfaces.mac	device.network_interfaces.mac	00:22:47:BC:AD:2B
networkInterfaces.uid	device.network_interfaces.uid	1881594526836766352
osName	device.os.name	Linux
osType	device.os.type	linux
osRevision	device.os.version	Ubuntu 20.04.6 LTS 5.15.0-1059-azure

SentinelOne	OCSF 1.10 inventoryinfo.InventoryInfo	Example
name	name	esla-ucm-conf
id	uid	1891593582344131645
publisher	vendor_name	Ubuntu Developers
version	version	1.2.2-1ubunto0.13