Clone the AI-SIEM Repository

Objective: Retrieve the latest version of SentinelOne's AI-SIEM project so you can access dashboard and parser templates locally.

1. Launch VS Code - Open Visual Studio Code on your computer
2. Open Command Palette - Press Ctrl+Shift+P (Windows) or Cmd+Shift+P (macOS)
3. Run Git Clone - Type "Git: Clone" and select it
4. Enter Repository URL:
   https://github.com/Sentinel-One/ai-siem.git
5. Choose Destination - Select folder to store the project
6. Open Project - Click "Open" when prompted

💡 Tip: Periodically run git pull to fetch updates from the repository.

ℹ️ Alternative: Use GitHub CLI: gh repo clone sentinel-one/ai-siem

Finding Palo Dashboard Configuration

Objective: Find and copy the JSON configuration for the Palo Alto firewall OCSF dashboard within the cloned repository.

1. In VS Code Explorer, expand dashboards → community
2. Open folder palo_firewall_ocsf-latest
3. You'll find two files:
   • metadata.yaml - Prerequisites and metadata
   • palo_firewall_ocsf.conf - Dashboard configuration
4. Open palo_firewall_ocsf.conf
5. Select all text with Ctrl+A (or Cmd+A)
6. Copy with Ctrl+C (or Cmd+C)

💡 Tip: Keep the content on your clipboard for the next step.

⚠️ Important: Copy only the content between the curly braces { }.

Create a Dashboard in Singularity Console

Objective: Create a new dashboard in the Singularity console and paste the Palo Alto OCSF configuration.

1. Sign in to your SentinelOne Singularity console
2. Navigate to Operations Center → Dashboards & Reports
3. Click New Dashboard (+ button)
4. Name it: Palo Alto Firewall OCSF
5. Find Edit JSON or JSON view option
6. Select all existing content and paste your copied configuration
7. Click Save or Apply
8. Return to regular view to verify widgets appear

💡 Tip: Look for JSON editor under ⋯ menu or JSON tab.

⚠️ Note: Ensure no extra characters at beginning or end of JSON.