Creating and Managing API Client in SentinelOne's Console
Please note that for this integration to function properly, we require a minimum entitlement level of "SentinelOne Complete". See https://www.sentinelone.com/platform-packages/
1. Introduction
A valid API Token and tenant URL are required to access SentinelOne's API.
2. Prerequisites
- Access to the SentinelOne Console
- Administrator privileges
3. Generate API Token
Step 1: Access the SentinelOne Management Console
- Log in to your SentinelOne Management Console instance with administrative privileges.
Step 2: Click your username (Admin) in the top right-hand corner
- Select My User
- Click on Actions
- Select API Token Operations
- Click Regenerate Api Token
- Copy the API Token
Step 2.1: EDR Events
To query for EDR Events, a Visibility Enhanced key and URL are required. These are for the SentinelOne Singularity Data Lake API.
- Select Visibility (Enhanced)
- Click the profile name on the top right
- Click API Keys
- Under Log Access Keys, Click Add Key
- Select "Add Read Key"
- Copy the API key; this is the EDR Events credential
- Look at the URL bar in the browser; that is the EDR Events URL. For example:
https://xdr.us1.sentinelone.net
4. Configure the Integration
- URL: The base URL of the SentinelOne Management Console where the API Token was generated. For example, if you logged into your Management Console at https://usea1-partners.sentinelone.net/, then your URL is https://usea1-partners.sentinelone.net/
- Token: The generated API Token
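
A pre-save check for the two fields above, as an added example that is not part of SentinelOne's documentation or the integration's own code: it reduces a URL copied from the browser bar to its base URL, rejects non-HTTPS or unexpected hosts, and catches copy/paste damage in the token. The function names, the `sentinelone.net` host suffix check and the sample token are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: consoles live under sentinelone.net, as in the
# two URLs shown on this page. Pass a different suffix for other deployments.
DEFAULT_SUFFIX = "sentinelone.net"


def base_url(pasted: str, suffix: str = DEFAULT_SUFFIX) -> str:
    """Reduce a URL copied from the browser bar to scheme + host + '/'."""
    parts = urlsplit(pasted.strip())
    if parts.scheme != "https":
        raise ValueError("URL must use https so the token is not sent in clear text")
    if parts.username or parts.password:
        raise ValueError("URL must not embed credentials")
    host = (parts.hostname or "").lower()
    # Exact suffix match, so 'sentinelone.net.other.example' is rejected.
    if host != suffix and not host.endswith("." + suffix):
        raise ValueError(f"unexpected host {host!r}; expected *.{suffix}")
    port = f":{parts.port}" if parts.port and parts.port != 443 else ""
    return f"https://{host}{port}/"


def check_token(token: str) -> str:
    """Catch copy/paste damage: empty value, spaces, line breaks, a pasted URL."""
    cleaned = token.strip()
    if not cleaned:
        raise ValueError("token is empty")
    if any(ch.isspace() for ch in cleaned):
        raise ValueError("token contains whitespace; copy it again")
    if "://" in cleaned:
        raise ValueError("token field contains a URL")
    return cleaned


def masked(token: str) -> str:
    """Form of the token that is safe to write to logs."""
    return "*" * 8 + token[-4:] if len(token) > 8 else "*" * 8


def build_settings(console_url: str, token: str) -> dict:
    """Return validated values for the integration's URL and Token fields."""
    return {"url": base_url(console_url), "token": check_token(token)}


if __name__ == "__main__":
    # Constructed sample values; the token is a placeholder, not a real one.
    cfg = build_settings("https://usea1-partners.sentinelone.net/dashboard?x=1#top",
                         " EXAMPLE-TOKEN-0000 \n")
    print(cfg["url"], masked(cfg["token"]))
```

The same `base_url` check applies to the EDR Events URL from Step 2.1; the API Token and the Log Access read key are separate credentials and should each be validated and stored on their own.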