SentinelOne
- Updated on 13 Nov 2023
SentinelOne is an endpoint protection solution including prevention, detection, and response.
Related Enforcement Actions
- SentinelOne - Add or Remove Tag to/from Assets
- SentinelOne - Initiate Scan
- SentinelOne - Remove Asset
- SentinelOne - Execute Remote Script Orchestration
- SentinelOne - Isolate/Unisolate a Device
Types of Assets Fetched
This adapter fetches the following types of assets:
- Devices
- Users
- SaaS Data
Parameters
SentinelOne Domain (required) - The hostname or IP address of the SentinelOne management server. The field format is '[instance].sentinelone.net'.
User Name and Password (optional) - The user name and password for an account that has site viewer access to the management server. For information on how to create users in SentinelOne, see Create a Single User.
Note:
- The User Name and Password parameters take precedence over the API Token parameter.
- If API Token is not supplied, User Name and Password fields are required.
API Token (optional) - The API token is created within the My User Profile of the account with viewer access to the management server.
Note:
- When Two Factor Authentication is used, you must use API Token and leave the User Name and Password fields empty.
- If User Name and Password are not supplied, API Token field is required.
Verify SSL - Select to verify the SSL certificate offered by the value supplied in SentinelOne Domain. For more details, see SSL Trust & CA Settings.
HTTPS Proxy (optional) - A proxy to use when connecting to the value supplied in SentinelOne Domain.
Enable Client Side Certificate - Select to enable Axonius to send requests using the certificates uploaded to allow Mutual TLS configuration for this adapter. When you select this option, 2 more fields are displayed.
- Click Choose file next to Client Private Key File to upload a client private key file in PEM format
- Click Choose file next to Client Certificate File to upload a public key file in PEM format
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Advanced Settings
Advanced settings can either apply to all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection. For details, refer to Advanced Configuration for Adapters.
- Fetch applications (default true) - Select this option to fetch SentinelOne applications.
- Fetch application CVEs (optional) - Select whether to fetch CVE security vulnerability information for software.
- Fetch decommissioned devices (optional) - Select whether to fetch devices that are decommissioned. This requires 'Endpoints View credentials' permission.
- Fetch threats for infected devices - Select this option to fetch threats of a device when the infected value on the SentinelOne server is set to true.
- Deep Visibility query - Enter a SentinelOne Deep Visibility query name to fetch the query events and parse them inside the devices as "Deep Visibility Events".
- Background fetch tasks - Select tasks from the drop-down that will be fetched in the background.
- Background fetch interval (Hours) (default: 72 (3 days)) - Set the interval in hours for background fetch.
To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.
APIs
Axonius uses the following APIs:
To fetch users:
- v2.1/users
For users with SaaS Management Capabilities
To fetch user roles:
- v2.1/rbac/roles
To fetch groups:
- v2.1/groups
To fetch events:
- v2.1/dv/init-query
- v2.1/dv/query-status
- v2.1/dv/events