This article covers the step-by-step procedure to send data such as activities, agents, and threats from your SentinelOne instance to the Human Managed platform via API.
Human Managed will establish a connection to pull SentinelOne data from your instance. SentinelOne's API can be accessed using API client authentication to:
- use access tokens to make API requests
- manage multiple API clients within your organization
- define limited scopes of permissions for API functionality
Prerequisites
To add a new API client, you’ll need administrative privileges for SentinelOne.
Step 1: Create a service request for Human Managed to configure the API Receiver
- Submit a request
- In the Subject, type or select Connect SentinelOne via API
- Once the ticket has been accepted by Human Managed and the ticket status has been updated, follow the next steps.
Step 2: Configure SentinelOne Client API token in SentinelOne Management Console
To create an API token for SentinelOne, follow the steps below:
- Log in to your SentinelOne Cloud console, then click Settings.
- Select the Users tab.
- Select Service Users.
- Click Actions, then select Create New Service User.
- In the Create New Service User pop-up window that opens, enter a Name and Description, then select an Expiration Date.
- Click Next.
- Select Account, then select Viewer for your account.
- Click Create User.
- In the pop-up window that opens, click Copy API Token to copy the API key to your keyboard, or click Download API Token to download a copy of the API key.
Step 3: Submit your credentials to Human Managed
- In the same service request ticket you opened in Step 1, update the ticket with the following details:
SentinelOne API URL – Format would be: <https://xyz.sentinelone.net/>.
SentinelOne API Token – copy and paste the API Token value generated on Step 2
Comments
0 comments
Please sign in to leave a comment.