- 13 Nov 2023
- 2 Minutes to read
- Updated on 13 Nov 2023
- 2 Minutes to read
SentinelOne is an endpoint protection solution including prevention, detection, and response.
Related Enforcement Actions
- SentinelOne - Add or Remove Tag to/from Assets
- SentinelOne - Initiate Scan
- SentinelOne - Remove Asset
- SentinelOne - Execute Remote Script Orchestration
- SentinelOne - Isolate/Unisolate a Device
Types of Assets Fetched
This adapter fetches the following types of assets:
- SaaS Data
SentinelOne Domain (required) - The hostname or IP Address of the SentinelOne management server. This field format is '[instance].sentinelone.net'.
User Name and Password (optional) - The user name and password for an account that has site viewer access to the management server. For information on how to create users in SentinelONE, see Create a Single User.Note:
- The User Name and Password parameters take precedence over the API Token parameter.
- If API Token is not supplied, User Name and Password fields are required.
API token (optional) - The API token is created within the My User Profile of the account with viewer access to the management server.Note:
- When Two Factor Authentication is used, you must use API Token and leave the User Name and Password fields empty.
- If User Name and Password are not supplied, API Token field is required.
Verify SSL - Select to verify the SSL certificate offered by the value supplied in SentinelOne Domain. For more details, see SSL Trust & CA Settings.
HTTPS Proxy (optional) - A proxy to use when connecting to the value supplied in SentinelOne Domain.
Enable Client Side Certificate - Select to enable Axonius to send requests using the certificates uploaded to allow Mutual TLS configuration for this adapter. When you select this option, 2 more fields are displayed.
- Click Choose file next to Client Private Key File to upload a client private key file in PEM format
- Click Choose file next to Client Certificate File to upload a public key file in PEM format
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to Advanced Configuration for Adapters.
- Fetch applications (default true) - Select this option to fetch Sentinel One applications.
- Fetch application CVEs (optional) - Select whether to fetch CVE security vulnerability information for software.
- Fetch decommissioned devices (optional) - Select whether to fetch devices that are decommissioned. This requires 'Endpoints View credentials' permission.
- Fetch threats for infected devices - Select this option to fetch threats of a device when the infected value on the SentinelOne server is set to true.
- Deep Visibility query - Enter a SentinelOne Deep Visibility query name to fetch the query events and parse them inside the devices as “Deep Visibility Events“.
- Background fetch tasks - Select tasks from the drop-down that will be fetched in the background.
- Background fetch interval (Hours)- (default: 72 (3 days)) - Set the interval in hours for background fetch.
To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.
Axonius uses the following APIs
To fetch users:
For users with SaaS Management Capabilities
To Fetch user roles:
To fetch Groups
To fetch Events