SentinelOne Integrations
The SentinelOne integration collects and parses data from SentinelOne REST APIs. This integration also offers the capability to perform response actions on SentinelOne hosts directly through the Elastic Security interface
Compatibility
This module has been tested against SentinelOne Management Console API version 2.1
.
API token
To collect data from SentinelOne APIs, you must have an API token. To create an API token, follow these steps:
- Log in to the SentinelOne Management Console as an Admin.
3. Click My User.
4. In the API token section, click Generate.
Note
The API token generated by the user is time-limited. To rotate a new token, log in with the dedicated admin account.
Integrate on Elastic
1. Add SentinelOne console URL (https://<DomainName>.sentinelone.net/
, where <DomainName>
is the domain name of your SentinelOne account.)
2. Add API token
If you need further assistance, kindly contact our support at info@cytechint.com for prompt assistance and guidance.