sentinelone-sdl-log-parser

Community

Turn raw logs into deployable SDL parsers.

Author: pmoses-s1
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

This skill turns raw log samples into deployable SDL parsers, enabling end-to-end validation and deployment of parser definitions in the SDL tenant.

Core Features & Use Cases

  • Author, edit, and validate SentinelOne SDL log parsers from augmented-JSON definitions that live under /logParsers.
  • Validate end-to-end by deploying the parser, ingesting a sample, and querying parsed fields to confirm correct extraction.
  • Support multi-format SDL parsers with per-format attributes and mappings to produce OCSF-conformant events for hunts, dashboards, and PowerQuery.

Quick Start

Create a draft SDL parser JSON under /logParsers/<name>, deploy it with the put_file flow, ingest a sample with upload_logs, and verify the results with a PowerQuery.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below into Claude Code.

Please help me install this Skill:
Name: sentinelone-sdl-log-parser
Download link: https://github.com/pmoses-s1/claude-skills/archive/main.zip#sentinelone-sdl-log-parser

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
