SentinelOne
  • 13 Nov 2023

SentinelOne is an endpoint protection solution including prevention, detection, and response.

Related Enforcement Actions

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices
  • Users
  • SaaS Data

Parameters

  1. SentinelOne Domain (required) - The hostname or IP Address of the SentinelOne management server. This field format is '[instance].sentinelone.net'.

  2. User Name and Password (optional) - The user name and password for an account that has site viewer access to the management server. For information on how to create users in SentinelOne, see Create a Single User.

    Note:
    • The User Name and Password parameters take precedence over the API Token parameter.
    • If API Token is not supplied, User Name and Password fields are required.
  3. API token (optional) - The API token is created within the My User Profile of the account with viewer access to the management server.

    Note:
    • When Two Factor Authentication is used, you must use API Token and leave the User Name and Password fields empty.
    • If User Name and Password are not supplied, API Token field is required.
  4. Verify SSL - Select to verify the SSL certificate offered by the value supplied in SentinelOne Domain. For more details, see SSL Trust & CA Settings.

  5. HTTPS Proxy (optional) - A proxy to use when connecting to the value supplied in SentinelOne Domain.

  6. Enable Client Side Certificate - Select to enable Axonius to send requests using the certificates uploaded to allow Mutual TLS configuration for this adapter. When you select this option, 2 more fields are displayed.

    • Click Choose file next to Client Private Key File to upload a client private key file in PEM format
    • Click Choose file next to Client Certificate File to upload a public key file in PEM format

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
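
The following pre-flight check is an added example, not part of the Axonius documentation or product code. It applies the parameter rules above (credential precedence, the Two Factor Authentication requirement, Verify SSL, and the two PEM files for Mutual TLS) to one connection form before it is saved; the field names and the `two_factor` flag are hypothetical.

```python
import ipaddress
import re
from dataclasses import dataclass

@dataclass
class ConnectionConfig:  # hypothetical field names mirroring the labels on this page
    domain: str
    user_name: str = ""
    password: str = ""
    api_token: str = ""
    two_factor: bool = False   # assumption: operator knows the account uses 2FA
    verify_ssl: bool = False
    client_key_pem: str = ""   # contents of Client Private Key File
    client_cert_pem: str = ""  # contents of Client Certificate File

LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
HOSTNAME = re.compile(rf"{LABEL}(\.{LABEL})*")

def is_host(value):  # bare hostname or IP address, no scheme, port or path
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return HOSTNAME.fullmatch(value) is not None

def check_connection(cfg):
    """Return findings for one connection form; an empty list means consistent."""
    out = []
    if not is_host(cfg.domain):
        out.append("domain: expected a bare hostname or IP, e.g. '[instance].sentinelone.net'")
    has_userpass = bool(cfg.user_name and cfg.password)
    if bool(cfg.user_name) != bool(cfg.password):
        out.append("credentials: User Name and Password must be supplied together")
    if not has_userpass and not cfg.api_token:
        out.append("credentials: supply User Name and Password, or an API Token")
    if cfg.two_factor and (cfg.user_name or cfg.password):
        out.append("credentials: with 2FA use the API Token and leave User Name and Password empty")
    elif has_userpass and cfg.api_token:
        out.append("credentials: User Name and Password take precedence over the API Token")
    if not cfg.verify_ssl:
        out.append("tls: Verify SSL is off; the server certificate is not validated")
    if cfg.client_key_pem or cfg.client_cert_pem:  # mutual TLS needs both files
        if "PRIVATE KEY-----" not in cfg.client_key_pem:
            out.append("mtls: Client Private Key File does not hold a PEM private key")
        if "-----BEGIN CERTIFICATE-----" not in cfg.client_cert_pem:
            out.append("mtls: Client Certificate File does not hold a PEM certificate")
    return out

if __name__ == "__main__":  # constructed input: 2FA account with a password left in the form
    print(check_connection(ConnectionConfig("acme.sentinelone.net", "viewer", "x", "tok", two_factor=True)))
```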


Advanced Settings

Note:

Advanced settings can either apply to all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection. Refer to Advanced Configuration for Adapters.

  1. Fetch applications (default true) - Select this option to fetch SentinelOne applications.
  2. Fetch application CVEs (optional) - Select whether to fetch CVE security vulnerability information for software.
  3. Fetch decommissioned devices (optional) - Select whether to fetch devices that are decommissioned. This requires 'Endpoints View credentials' permission.
  4. Fetch threats for infected devices - Select this option to fetch threats of a device when the infected value on the SentinelOne server is set to true.
  5. Deep Visibility query - Enter a SentinelOne Deep Visibility query name to fetch the query events and parse them inside the devices as "Deep Visibility Events".
  6. Background fetch tasks - Select tasks from the drop-down that will be fetched in the background.
  7. Background fetch interval (Hours) (default: 72 (3 days)) - Set the interval in hours for background fetch.


Note:

To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.


APIs

Axonius uses the following APIs:

To fetch users:

  • v2.1/users

For users with SaaS Management Capabilities

To fetch user roles:

  • v2.1/rbac/roles

To fetch groups:

  • v2.1/groups

To fetch events:

  • v2.1/dv/init-query
  • v2.1/dv/query-status
  • v2.1/dv/events
