How do I Integrate SentinelOne EDR?
This article will walk you through creating a dedicated API user in the SentinelOne Singularity Platform.
Step 1: Navigate to the Admin Section
Log into your SentinelOne Management Console. In the left-hand navigation menu, click on Settings. In the settings menu, select Admin.
Step 2: Create a Custom Role for View-Only Access
Before creating the user, we need to define the exact permissions it will have.
- Inside the Admin section, click on the Roles tab.
- Click the New Role button in the top right corner.
Step 3: Configure Role Permissions
- Role Name & Description: Give the role a descriptive name like API View Only or Auditor Read Access. Add a brief description of its purpose.
- Select Permissions: Carefully go through the list of available permissions (scopes). For each category you want to grant access to, select the View permission only. Leave all "Edit", "Create", and "Delete" permissions unchecked.
Example Scopes for View-Only Access:
- Endpoints: Endpoint View
- Threats: Threat View, Threat Notes View
- Policies: Policy View
- Reports: Report View
- Click Save.
Step 4: Create the API Service User
Now that the role is defined, we can create the user account that will use it.
- Click on the Users tab.
- Click the New User button.
Step 5: Fill in User Details
- Full Name: Enter a name that clearly identifies this as a service account, for example, API Service Account - Auditor.
- Email: Provide an email address. For service accounts, it's best practice to use a distribution list or a dedicated service account mailbox (e.g., s1-api@yourcompany.com).
- Expiration (Optional but Recommended): Set an expiration date for the API key. This is a crucial security practice that ensures credentials are regularly rotated.
- Click Next.
Step 6: Assign the Custom Role
- Authentication Method: Ensure Password is selected.
- Assign Role: Select the custom view-only role you created in Step 3 (e.g., API View Only).
- Scope Access: Leave this as Global unless you need to restrict this user to specific Sites or Groups within your SentinelOne instance.
- Click Save.
Step 7: Generate and Securely Store the API Token
After saving the user, SentinelOne will automatically generate an API token for them.
- The user you just created will appear in the user list.
- Click on the user's name to open their details pane.
- Click on the Generate button next to API Token.
- Important: A dialog box will display the API token. This is the only time the full token will be shown. Click the copy icon and immediately store the token in a secure location, like a password manager or a secrets vault.
You have now successfully created a SentinelOne API user with a token that is strictly limited to view-only permissions for the scopes you defined. Use this token for your integrations and automations.
Step 8: Enable the Integration in the NopSec Platform
- Navigate to Integrations in the NopSec UI and select the option to add the SentinelOne Control integration.
- Enter Integration Access Info: When prompted, enter the following information and click the "Save and Connect" button:
  - Connection Name: Unique name for this integration
  - Client ID: Your specific organization's SentinelOne URL
  - Token: The token generated in the steps above.
- SAVE and CLOSE