In this article, you will learn how to integrate SonicWall Capture Client with SecurityCoach. Once you set up this integration, data provided by SonicWall will be available under the SecurityCoach tab of your KSAT console. This data can be viewed in SecurityCoach reports and used to create detection rules for real-time coaching campaigns.
For general information about SecurityCoach, see our SecurityCoach Product Manual.
Create a SonicWall Capture Client Admin Account
Before you can set up the integration in your KSAT console, you will need to create a SonicWall Capture Client admin account. To create your admin account, follow the steps below:
- From your browser, navigate to your SonicWall Capture Client console and click Login with MySonicWall.
- Navigate to Management > Administrators.
- Click the + sign on the right to open the Administrators window.
- Enter the desired email, name, and password for your new admin account.
- Click Create.
Obtain Your SentinelOne API Key
Before you set up the integration in your KSAT console, you will need to obtain your SentinelOne API key. To obtain your API key, create a support ticket from your SonicWall console requesting your SentinelOne API key from the SonicWall support team.
Set Up the Integration in Your KSAT Console
Once you've created your SonicWall Capture Client admin account and obtained your SentinelOne API key, you can set up the integration in your KSAT console. To set up the integration in your KSAT console, follow the steps below:
- Log in to your KSAT console and navigate to SecurityCoach > Setup.
- In the Available Integrations section, locate the SonicWall Capture Client card.
- At the bottom of the card, click Configure.
- In the User Name field, enter the email address from the admin account you created in the Create a SonicWall Capture Client Admin Account section of this article.
- In the Password field, enter the password from the admin account you created in the Create a SonicWall Capture Client Admin Account section of this article.
- In the URL field, enter your SonicWall Capture Client console URL. Your SonicWall Capture Client console URL will be similar to “https://captureclient-01.sonicwall.com”.
- In the API Key field, enter your SentinelOne API key.
- Click Authorize.
Map Your Users
After you’ve finished integrating SonicWall Capture Client, you can map your users either through mapping rules (recommended) or through a CSV file upload. For more information about user mapping, see our Mapping Users in SecurityCoach article.
Once you’ve successfully authorized this integration, you can manage detection rules for SonicWall Capture Client on the Detection Rules subtab of SecurityCoach. For a full list of available system detection rules for this vendor, see our Which Detection Rules Can I Use with My Vendors? article.