SentinelOne

Prev Next

This is a Discovery Integration.

  • This integration collects 14 days of history by default upon first connection.

Collect Required Information from Vendor

IMPORTANT!

You must meet the following prerequisites before you can continue.

  • You must have the “Admin role.”

  1. Log in to your SentinelOne Management Console using one of the roles as defined above.

  2. Go to Settings > Users > Service Users.

  3. Select Actions > Create New Service User.

  4. In the Create New Service User window…

    1. Set the Name and Description.

      • Name — “Calero SMP”

      • Description — (Optional) A description for the service user.

    2. Set the Expiration Date — Select 2 Years as the expiration date for the API token.

    3. Select Next.

  5. In the Select Scope of Access window…

    1. Set the preferred Account or Site access for the service user.

    2. Copy/save the following field(s) for use when onboarding this Integration:

      • API Key

    3. Select Create User.

  6. Next, determine your organization’s Management URL, which is the base URL specific to your organization when you are logged in to SentinelOne.

    EXAMPLE:

    https://myorg.sentinelone.net

  7. Copy/save the following field(s) for use when onboarding this Integration:

    • Subdomain

Onboard This Discovery Integration

  1. Go to SaaS Management > Applications.

  2. Select Add Integration.

  3. Select the Discovery Apps tab, then select the card with the vendor's name.

  4. From the API tab, enter the field(s) you copy/saved above.

  5. Select the Authorize button.

SUCCESS!

You will now be redirected to the Integrations page in Calero.com, where the data sync will continue in the background, and you can monitor progress.

SUGGESTION:

Access Help through your Calero.com instance if links between articles return errors or if there are fewer sections in the Help menu than expected. Doing so will ensure you see all Help articles.

Reference Information

Token Process

Calero uses an API token for SentinelOne, which is generated as described above.

This is supplied as an HTTP header in API requests.

  • Header name: Authorization

  • Header value: ApiToken {ApiToken}

Permissions required

These are the endpoints currently used and permissions required.

Endpoint

Permissions Required

GET /web/api/v2.1/sites

Sites.view permission

POST /web/api/v2.1/dv/init-query

Deep Visibility.view

GET /web/api/v2.1/dv/query-status

Deep Visibility.view

GET /web/api/v2.1/dv/events

Deep Visibility.view

NOTE:

The Complete SKU (product option) is required for Deep Visibility access.