SentinelOne
  • 16 May 2024
  • 3 Minutes to read
  • Dark
    Light
  • PDF

SentinelOne

  • Dark
    Light
  • PDF

Article summary

SentinelOne is an endpoint protection solution including prevention, detection, and response.

Related Enforcement Actions

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices
  • Users
  • SaaS Data

Parameters

  1. SentinelOne Domain (required) - The hostname or IP Address of the SentinelOne management server. This field format is '[instance].sentinelone.net'.

  2. User Name and Password (optional) - The user name and password for an account that has site viewer access to the management server. For information on how to create users in SentinelONE, see Create a Single User.

    Note:
    • If API Token is not supplied, User Name and Password fields are required.
    • The User Name and Password parameters take precedence over the API Token parameter.
  3. 2FA Secret (only for accounts with SaaS Management capability) - The secret generated in SentinelOne for setting up two-factor authentication for the adapter user created for collecting SaaS data.

  4. API token (optional) - The API token is created within the My User Profile of the account with viewer access to the management server.

    Note:
    • If User Name and Password are not supplied, API Token field is required.
    • When Two Factor Authentication is used, you must use API Token and leave the User Name and Password fields empty.
  5. Verify SSL - Select to verify the SSL certificate offered by the value supplied in SentinelOne Domain. For more details, see SSL Trust & CA Settings.

  6. HTTPS Proxy (optional) - A proxy to use when connecting to the value supplied in SentinelOne Domain.

  7. Enable Client Side Certificate - Select to enable Axonius to send requests using the certificates uploaded to allow Mutual TLS configuration for this adapter.

    • Click Upload File next to Client Private Key File to upload a client private key file in PEM format.
    • Click Upload File next to Client Certificate File to upload a public key file in PEM format.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

SEntinelOneSM


Advanced Settings

Note:

Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to ​Advanced Configuration for Adapters.

  1. Fetch applications - Select this option to fetch Sentinel One applications.
  2. Fetch application CVEs - Select whether to fetch CVE security vulnerability information for software.
  3. Ignore vulnerabilities from ubuntu packages - Select this option to ignore vulnerabilities of software detected as an ubuntu package.
  4. Fetch decommissioned devices - Select whether to fetch devices that are decommissioned. This requires 'Endpoints View credentials' permission.
  5. Fetch threats for infected devices - Select this option to fetch threats of a device when the infected value on the SentinelOne server is set to true.
  6. Fetch latest installed apps only - Select this option to fetch only the latest installed app.
  7. Fetch device control events - Select this option to fetch the device control events for each device.
  8. Fetch Application settings (optional, default: true) (only for accounts with SaaS Management capability) - Select this option to fetch application settings for users.
  9. Fetch last installed software version only - Select this option to fetch only the version with the most recent installed date for each software.
  10. Deep Visibility query - Enter a SentinelOne Deep Visibility query name to fetch the query events and parse them inside the devices as “Deep Visibility Events“.
  11. Remove old tags - Select this option to remove old tags that are no longer being fetched from SentinelOne.
  12. Background fetch tasks - Select tasks from the drop-down that will be fetched in the background.
  13. Background fetch interval (Hours)- (default: 72 (3 days)) - Set the interval in hours for background fetch.


Note:

To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.


APIs

Axonius uses the following APIs
To fetch users:

  • v2.1/users

For users with SaaS Management Capabilities

To Fetch user roles:

  • v2.1/rbac/roles

To fetch Groups

  • v2.1/groups

To fetch Events

  • v2.1/dv/init-query
  • v2.1/dv/query-status
  • v2.1/dv/events

Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.