[SentinelOne] add agent.id to all agent related data collected from SentinelOne #9879
Labels: enhancement (New feature or request), Integration:SentinelOne (Sentinel One), Team:Security-Service Integrations (Security Service Integrations Team)
Description
Two requests with regards to the SentinelOne Integration:
id in the ES document (sentinel_one.[source_type].agent.id)
30s for all data streams
Background
Opened as a result of discussion here: #9313 (comment)
Changes requested are in support of Security Solution's Bi-Directional Response Actions feature which enables our SIEM users to send actions to SentinelOne Agents directly from Kibana.