Getting started with SentinelOne

AQtive Guard can ingest SentinelOne endpoint data, including installed applications and IT inventory details, to enable centralized IT management and enhance security posture.

SentinelOne requirements

  • The SentinelOne URL you will connect to.
  • A SentinelOne API token (requires user creation).

Configure the SentinelOne integration

There are two main steps to configure the SentinelOne integration:

  1. In SentinelOne: Create a user account and generate an API token.
  2. In AQtive Guard: Configure the SentinelOne data source.

Create a user

In SentinelOne, follow these steps to create a user and generate an API token. For more information, refer to Generating an API token in the SentinelOne user documentation.

  1. Sign in to the SentinelOne Management Console with Admin user credentials.
  2. In the Management Console, select Settings.
  3. In the Settings view, select Users, then Service Users.
  4. Select the Actions dropdown, then Create New Service User.
  5. Enter the information for the new service user.
  6. In Role, select Admin.
  7. Select Save.

Log in to the SentinelOne Management Console with the credentials of the new user you just created to complete the following steps.

  1. Navigate to Settings, then Users.
  2. Select the newly added service user.
  3. Select Options, then Generate API token.
  4. Copy or download this API Token.

Note

The API token will not be displayed again for security reasons.

Configure the SentinelOne data source

Log in to AQtive Guard to complete the following steps.

  1. Select Data sources from the main menu, then select Configure in the SentinelOne panel.
  2. Enter the following information into the designated fields:
    • Instance URL - the location of the SentinelOne API.
    • API Token - the API token you generated in SentinelOne.
  3. (Optional) Select Test Connection to check the connection to the SentinelOne API.
  4. Select Submit to update the settings.

Note

Selecting Submit performs the same check as the Test Connection button and also verifies that the API token is valid.

Use

Once the integration is configured, you can trigger a SentinelOne inventory ingestion.

Note

If the SentinelOne settings aren’t configured, the ingestion option will be disabled.

To ingest inventory data from SentinelOne:

  1. Select Data sources from the main menu, then select Details in the SentinelOne panel.
  2. Select Start IT Inventory ingestion to trigger the ingestion of data into AQtive Guard.

    You’ll see a notification confirming that the data ingestion has started.

View SentinelOne data

Once the ingestion is complete, any relevant data will begin populating. To find it, look for the S1 tag in the Data sources column.

Unlink the SentinelOne integration only if your organization needs to reconfigure or stop data sharing with SentinelOne.

To unlink the SentinelOne configuration:

  1. Select Data sources from the main menu, then select Details in the SentinelOne panel.
  2. Select Unlink.
  3. Select Confirm and unlink SentinelOne.