SentinelOne Integration

Instructions for Integration Between SentinelOne & InsightCloudSec

The SentinelOne integration provides InsightCloudSec visibility into the installation of the SentinelOne agent, and if it has been installed for a given compute instance.

Prerequisites & Requirements

Before getting started with this integration, ensure you have the following:

  • Domain or Org Admin permissions within InsightCloudSec
  • Familiarity and appropriate permissions for SentinelOne
  • Required SentinelOne configuration details to complete the integration:
    • SentinelOne Management URL
    • SentinelOne API Key

For general information about InsightCloudSec Integrations (editing and deleting), refer to the Integrations Overview page.

If you need help with this integration, contact us through the Customer Support Portal.

SentinelOne Setup

1. Login to SentinelOne and generate an API token.

  • Login to a SentinelOne instance.
  • Click your user name in the upper right corner, then click "My User".
  • Next to your user name, click "Options".
  • Click "Generate API token".

2. Copy and save the API token value and the login URL to a safe place.

2. Login to InsightCloudSec and navigate to "Administration --> Integrations".

16001600

SentinelOne Integration

3. Select "Edit" on the SentinelOne card and provide the following:

  • Management URL
  • API Key
16001600

SentinelOne Integration Form

4. Click "Save" when you have completed the form for the SentinelOne integration.

SentinelOne Filters

The following Query Filters are currently available for use with the SentinelOne integration:

  • Instance With SentinelOne Agent Configured
  • Instance Without SentinelOne Agent Configured

For example, you can use the Query Filter Instance With SentinelOne Agent Configured to show which instances have the SentinelOne Agent installed. The following illustration shows two instances that have the SentinelOne Agent installed.

22172217

Instances with SentinelOne Agents Configured

If you are interested in using these Query Filters with automation, InsightCloudSec also includes Bot actions (notifications, reports, etc) that may be valuable as part of your SentinelOne integration.

SentinelOne Agent Harvesting

All agents are harvested every hour, but net new SentinelOne agents will be harvested every half hour. However, you can manually enqueue the SentinelOne job to run with the following steps:

1. Navigate to "Administration --> System Administration" and select the "Background Jobs" tab.

2. Search for "Sentinel".

3. Select the "Enqueue Now" option for the 'SentinelOneAgentProcessor' job.

22202220

Enqueue "SentinelOneAgentProcessor" Job Manually


Did this page help you?