The SentinelOne integration gives InsightCloudSec visibility into SentinelOne agent installation, showing whether the agent has been installed on a given compute instance.
Before getting started with this integration, ensure you have the following:
- Domain or Org Admin permissions within InsightCloudSec
- Familiarity and appropriate permissions for SentinelOne
- Required SentinelOne configuration details to complete the integration:
  - SentinelOne Management URL
  - SentinelOne API Key
For general information about InsightCloudSec Integrations (editing and deleting), refer to the Integrations Overview page.
If you need help with this integration, contact us through the Customer Support Portal.
1. Log in to SentinelOne and generate an API token.
   - Log in to a SentinelOne instance.
   - Click your user name in the upper right corner, then click "My User".
   - Next to your user name, click "Options".
   - Click "Generate API token".
2. Copy and save the API token value and the login URL to a safe place.
3. Log in to InsightCloudSec and navigate to "Administration --> Integrations".
4. Select "Edit" on the SentinelOne card and provide the following:
   - Management URL
   - API Key
5. Click "Save" when you have completed the form for the SentinelOne integration.
The following Query Filters are currently available for use with the SentinelOne integration:
- Instance With SentinelOne Agent Configured
- Instance Without SentinelOne Agent Configured
For example, you can use the Query Filter "Instance With SentinelOne Agent Configured" to show which instances have the SentinelOne Agent installed. The following illustration shows two instances that have the SentinelOne Agent installed.
If you are interested in using these Query Filters with automation, InsightCloudSec also includes Bot actions (notifications, reports, etc.) that may be valuable as part of your SentinelOne integration.
- For detailed step-by-step instructions on using automation, check out our documentation on Creating Bots.
- You can also check out Working with Bots (Best Practices & Examples) if you want to review some examples.
All agents are harvested every hour, but net new SentinelOne agents will be harvested every half hour. However, you can manually enqueue the SentinelOne job to run with the following steps:
1. Navigate to "Administration --> System Administration" and select the "Background Jobs" tab.
2. Search for "Sentinel".
3. Select the "Enqueue Now" option for the "SentinelOneAgentProcessor" job.