SentinelOne Integration
Copy link

The SentinelOne integration provides Cloud Security (InsightCloudSec) visibility into the installation of the SentinelOne agent, and if it has been installed for a given compute instance.

  • For general information about Cloud Security (InsightCloudSec) Integrations (editing and deleting), refer to the Integrations Overview page.
  • If you need help with this integration, contact us through the Customer Support Portal .

Prerequisites & Requirements
Copy link

Before getting started with this integration, ensure you have the following:

  • Domain or Org Admin permissions within Cloud Security (InsightCloudSec)
  • Familiarity and appropriate permissions for SentinelOne
  • Required SentinelOne configuration details to complete the integration:
    • SentinelOne Management URL
    • SentinelOne API Key

SentinelOne Setup
Copy link

  1. Login to SentinelOne and generate an API token. a. Login to a SentinelOne instance. b. Click your user name in the upper right corner, then click My User. c. Next to your user name, click Options. d. Click Generate API token.
  2. Copy and save the API token value and the login URL to a safe place.
  3. Login to Cloud Security (InsightCloudSec) and navigate to Settings > Integrations.
  4. Select Edit on the SentinelOne card and provide the following:
    • Management URL
    • API Key
  5. Click Save when you have completed the form for the SentinelOne integration.

SentinelOne Filters
Copy link

The following Query Filters are currently available for use with the SentinelOne integration:

  • Instance With SentinelOne Agent Configured
  • Instance Without SentinelOne Agent Configured

For example, you can use the Query Filter Instance With SentinelOne Agent Configured to show which instances have the SentinelOne Agent installed. If you are interested in using these Query Filters with automation, Cloud Security (InsightCloudSec) also includes Bot actions (notifications, reports, etc) that may be valuable as part of your SentinelOne integration.

For detailed step-by-step instructions on using automation check out our documentation on Creating Bots. You can also check out Working with Bots (Best Practices & Examples) if you want to review some examples.

SentinelOne Agent Harvesting
Copy link

All agents are harvested every hour, but net new SentinelOne agents will be harvested every half hour. However, you can manually enqueue the SentinelOne job to run with the following steps:

  1. Navigate to Settings > System Administration and select the Background Jobs tab.
  2. Search for Sentinel.
  3. Select the Enqueue Now option for the SentinelOneAgentProcessor job.