
Hi,
As my customer doesn't have Cloud Funnel in their SentinelOne, I want to send SentinelOne activity logs via syslog to my forwarder. I have installed Docker and the Linux forwarder on a GCP Compute Engine VM.

In the GCP project I have a tcp/8080 firewall rule with 0.0.0.0/0 as the IP destination.

1) In the SentinelOne syslog host, should I use the VM external IP address, as SentinelOne is not in GCP?
2) In the SecOps forwarder config's server settings, should I also use my VM external IP address for the port and IP address?
3) In the SecOps forwarder collector, should I use my 8080 port and VM external IP address as the port and address?

SentinelOne needs to send to the public IP of your forwarder in GCP.
You should use that public IP and port config for your collector. You can define the collector port as whatever you would like; it just needs a rule. Also, I would change that 0.0.0.0 rule to whatever S1 uses as its external IP.

