SentinelOne (DataSet)
Integrating NetFlow Optimizer (NFO) with SentinelOne (DataSet) (formerly Scalyr) provides a high-performance, real-time platform for network log analysis and long-term retention. By streaming NFO’s enriched flows into DataSet, organizations gain instant visibility into network behavior with the ability to "Live Tail" traffic and perform sub-second searches across massive datasets.
Key Benefits
- Sub-Second Search Performance: DataSet’s unique architecture allows you to query NFO's network logs across weeks of data in under a second, making it ideal for rapid incident response.
- Real-Time Live Tail: Observe network traffic as it happens. Use the Live Tail feature to troubleshoot connectivity issues or monitor for active security threats in real-time.
- Cost-Efficient Scalability: NFO’s module-level aggregation reduces your flow volume by 80-90%, ensuring you only store high-value, enriched data in DataSet.
- Unified Security View: Correlate NFO network telemetry with SentinelOne endpoint alerts and other infrastructure logs within the same DataSet workspace.
Integration Architecture
NFO acts as a high-efficiency log pre-processor that feeds the DataSet Agent.
- Collect: NFO ingests raw flows from your network devices.
- Process: NFO Modules (e.g., Network Conversations) aggregate flows and enrich them with DNS, User Identity, and GeoIP data.
- Forward: Enriched logs are written to a local file or sent via syslog to the DataSet Agent.
- Visualize: The DataSet Agent streams the data to the cloud, where it is indexed and made available for searching and dashboarding.
Get Started
Deployment & Configuration
Learn how to install the DataSet Agent and configure NFO for optimal log ingestion.