SentinelOne

This document describes the procedure for configuring the SentinelOne connector to retrieve information via the SentinelOne API.

Objective

The purpose of this connector is to provide a method for retrieving the following information:

Tenant URL
API Token + expiration date

Prerequisites

Access to the SentinelOne portal with the required permissions.

Procedure

Generate API Token

Access the SentinelOne portal:
- Log in to the SentinelOne portal with administrator or account owner rights.
Navigate to API Token Settings:
- Click on User menu (top right).
- Select My User or your user account.
- Go to Options section.
Generate API Token:
- Click Generate API Token.
- Review the token permissions.
- Copy the generated API Token immediately.
- Store the token securely.
Note the Tenant URL:
- Your tenant URL will be visible in the portal (e.g., https://usea1-api.sentinelone.net).
- Store this URL for OverSOC configuration.

Configure in OverSOC

In OverSOC, go to Data Sources Settings > Sources.
Select SentinelOne and click Configure.
Enter the Tenant URL (e.g., https://usea1-api.sentinelone.net).
Paste the API Token in the authentication field.
Click Save Configuration.

The API token generation guide is available from within the SentinelOne Management Console under User > My User > Options. For additional details, contact your SentinelOne support representative.

Previous← Microsoft Defender for Endpoint NextVMware vCenter →