modified included telemetry requiring enablement

[xC0uNt3r7hr34t]

Update SentinelOne with Features needing to be enabled

Description

Please provide the below information so we can validate before merging:

1. Does the proposed EDR feature align with our definition of telemetry? YES
2. Could you please provide documentation to support the telemetry you are proposing? --- documention previously provided; telemetry switched to "Via EnablingTelemetry" due to requiring it to be turned on to be collected. It is still included with no extra cost or licensing required.
3. If no documentation is available for all the categories you are proposing, could you provide screenshots or sanitized logs?

• reviewed private SentinelOne documentation to confirm the default configuration requires these settings to be enabled.

  Type of change

Please delete options that are not relevant.

• [x] Feature Improvement (non-breaking change which fixes an issue)
• [ ] New feature (adding additional EDR product or proposing new event categories/sub-categories)
• [ ] This change requires a documentation update
• [ ] New tool (suggesting additional tools for improving collection and analysis)

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration.

Tests were not rerun due to only change being moving the previous configuration of "yes" to "Via EnablingTelemetry"

Checklist:

• [x] My code follows the style guidelines of this project
• [x] I have performed a self-review of my own code
• [x] I have made corresponding changes to the documentation
• [x] I have added tests that prove my corrections or additions are accurate
• [x] I have checked my code and corrected any misspellings

Don't stress yourself out, just answer the above to the best of your ability and we can discuss in the comments 🙂

[tsale]

Awesome, thanks for that @xC0uNt3r7hr34t! Is it possible to provide a screenshot of the various settings you can enable within the Sentinel platform just for tracking purposes?

[xC0uNt3r7hr34t]

Here is the telemetry config. note that named pipes are currently disabled by default and URL events require the browser extension to be deployed for full support.