SentinelOne Integration
The SentinelOne integration provides InsightCloudSec visibility into the installation of the SentinelOne agent, and if it has been installed for a given compute instance.
- For general information about InsightCloudSec Integrations (editing and deleting), refer to the Integrations Overview page.
- If you need help with this integration, contact us through the Customer Support Portal.
Prerequisites & Requirements
Before getting started with this integration, ensure you have the following:
- Domain or Org Admin permissions within InsightCloudSec
- Familiarity and appropriate permissions for SentinelOne
- Required SentinelOne configuration details to complete the integration:
- SentinelOne Management URL
- SentinelOne API Key
SentinelOne Setup
- Login to SentinelOne and generate an API token.
- Login to a SentinelOne instance.
- Click your user name in the upper right corner, then click My User.
- Next to your user name, click Options.
- Click Generate API token.
- Copy and save the API token value and the login URL to a safe place.
- Login to InsightCloudSec and navigate to Administration > Integrations.
- Select Edit on the SentinelOne card and provide the following:
- Management URL
- API Key
- Click Save when you have completed the form for the SentinelOne integration.
SentinelOne Filters
The following Query Filters are currently available for use with the SentinelOne integration:
Instance With SentinelOne Agent Configured
Instance Without SentinelOne Agent Configured
For example, you can use the Query Filter Instance With SentinelOne Agent Configured
to show which instances have the SentinelOne Agent installed.
If you are interested in using these Query Filters with automation, InsightCloudSec also includes Bot actions (notifications, reports, etc) that may be valuable as part of your SentinelOne integration.
For detailed step-by-step instructions on using automation check out our documentation on Creating Bots. You can also check out Working with Bots (Best Practices & Examples) if you want to review some examples.
SentinelOne Agent Harvesting
All agents are harvested every hour, but net new SentinelOne agents will be harvested every half hour. However, you can manually enqueue the SentinelOne job to run with the following steps:
- Navigate to Administration > System Administration and select the Background Jobs tab.
- Search for Sentinel.
- Select the Enqueue Now option for the
SentinelOneAgentProcessor
job.