If I follow the README.md file slavishly, I see the following in the container start sequence:
WARN[0000] The "S1_HEC_TOKEN" variable is not set. Defaulting to a blank string.
I would suggest adding the following to the README.md file:
Integration with SentinelOne AI SIEM
S1_HEC_TOKEN=
This field contains the API token used to stream logs to the HEC endpoint in AI SIEM.
The token is generated in SentinelOne Console for Console Users or Service Users.