Creating and Managing API Client in SentinelOne's Console

Copy

• Copy for LLM

  Copy page as Markdown for LLMs
• View as Markdown

  Open this page as Markdown
• Open in ChatGPT

  Get insights from ChatGPT
• Open in Claude

  Get insights from Claude

Please note that for this integration to funtion properly we require a minimum entitlement level of "SentinelOne Complete". https://www.sentinelone.com/platform-packages/

1. Introduction

A valid API Token and tenant URL is required in order to access SentinelOne's API

2. Prerequisites

• Access to the SentinelOne Console
• Administrator privileges

3. Generate API Token

Step 1: Access the SentinelOne Management Console

• Log in to your SentinelOne Management Console instance with administrative privileges.

Step 2: Click your username (Admin) on the top right hand corner

• Select My User
• Click on Actions
• Select API Token Operations
• Click Regenerate Api Token
• Copy the API Token

Step 2.1: EDR Events

In order to query for EDR Events, a Visibility Enhanced Key and Url are required. This is for the SentinelOne Singularity Data Lake Api.

• Select Visiblity (Enhanced)
• Click the profile name on the top right
• Click API Keys
• Under Log Access Keys, Click Add Key
• Select "Add Read Key"
• Copy the API key, this is the EDR Events credential
• Look at the URL bar in the browser, that is the EDR Events URL. For example: https://xdr.us1.sentinelone.net

4. Configure the Integration

URL This is the Base URL from where the SentinelOne Management Console Token came. For example, if you logged into your Management console at https://usea1-partners.sentinelone.net/, then your URL is https://usea1-partners.sentinelone.net/

Token The generated API Token