Threat Intelligence

Category: siem

SentinelOne AI SIEM Indicator API
SentinelOne siem

threatinfo | August 2, 2025 | August 2, 2025

Ever wondered how you get the indicator tab in the SentinelOne AI SIEM alerts populated?  Sadly the official documentation is…

Threat Intelligence in SentinelOne AI Siem
SentinelOne siem

threatinfo | June 29, 2025 | August 2, 2025

Endpoint URL: https://{your sentinelone console domain}/web/api/v2.1/threat-intelligence/iocs Headers Required: Authorization Content-Type Official Documentation: https://{your sentinelone console domain}/new-api-docs   Limitations of the…

SIEM Log Ingestion – To filter or to deduplicate
logstash sentinel siem

threatinfo | April 24, 2024 | April 24, 2024

Why Should You Manage Your Log Ingestion? Cost Implications SIEM tools operate under a licensing model that typically charges based…

Sentinel Parsing Data at Ingestion or at Query time
sentinel siem

threatinfo | April 1, 2024 | December 10, 2024

There are different options for parsing data in Microsoft Sentinel.  Query time parsing when the parsing is done when an…

Why is the Sentinel Threat Intelligence Indicator API so full of bugs
sentinel siem Threat Intelligence

threatinfo | March 14, 2024 | December 17, 2024

Microsoft have an API to add IOCs to the threat intelligence module in Sentinel, which you can read about here.…

Logstash – Sending Windows Event Logs
log siem

threatinfo | October 8, 2021 | September 24, 2023

Download Winlogbeat – Download here (64-bit) Step 1: Download and extract winlogbeat.zip to c:\program files\  (Should look like the image below) Step…
