Skip to main content

SentinelOne Integrations

The SentinelOne integration collects and parses data from SentinelOne REST APIs. This integration also offers the capability to perform response actions on SentinelOne hosts directly through the Elastic Security interface 

Compatibility

This module has been tested against SentinelOne Management Console API version 2.1.

API token

To collect data from SentinelOne APIs, you must have an API token. To create an API token, follow these steps:

  1. Log in to the SentinelOne Management Console as an Admin.

image.png

2. Navigate to Logged User Account from top right panel in the navigation bar.

3. Click My User.

4. In the API token section, click Generate.

image.png

Note

The API token generated by the user is time-limited. To rotate a new token, log in with the dedicated admin account.

Integrate on Elastic

image.png

1. Add SentinelOne console URL (https://<DomainName>.sentinelone.net/, where <DomainName> is the domain name of your SentinelOne account.)

2. Add API token

If you need further assistance, kindly contact our support at info@cytechint.com for prompt assistance and guidance.

No Comments
Back to top