Configure SentinelOne Connection

A SentinelOne connection securely stores reusable authentication credential information for integrations with SentinelOne. To create the connection, Alert Logic requires the following information from SentinelOne:

  • Management Hostname—The hostname portion of your SentinelOne domain. For example, if the domain is u1234-s123.sentinelone.net, the hostname is u1234-s123.
  • API Token—SentinelOne API user token that you generate in SentinelOne. This token allows Alert Logic to access your SentinelOne domain.

Alert Logic provides the following steps to help you create the connection. For further questions about the steps performed in the SentinelOne console, or if your interface looks different, contact SentinelOne support.

  1. Generate an API token in SentinelOne
  2. Create the SentinelOne connection in the Alert Logic console
  3. Use the connection in automated response

Generate an API token in SentinelOne

A connection to SentinelOne requires a SentinelOne API user token.

To generate an API token in SentinelOne:

  1. Log in to the SentinelOne Management Console as a user with Admin-level access.
  2. On the Settings page, click the user's name in the top-right corner, and then click My User.
  3. Next to API Token, click the Generate link.
    If you see a "Last generated" date, you already have a token. In the menu accessed from the Options button, the Revoke API token and Regenerate API token options are available. Revoke removes the token authorization. Regenerate revokes the token and generates a new token. If you revoke or regenerate the token, existing integrations that use that token will not work.
  4. Click Copy, and then paste the token into a text editor for later use. Note the expiration date. When the token expires, you must repeat this procedure to generate a new API token, and then edit the connection to use the new token.

Create the SentinelOne connection in the Alert Logic console

After you generate the API token in SentinelOne, the next step is to create the connection in the Alert Logic console.

To create a SentinelOne connection:

  1. In the Alert Logic console, click the navigation menu icon, click Configure, and then click Connections.
  2. On the Connections page, click the add icon, and then click SentinelOne.
  3. On the Create a SentinelOne Connection page, type a descriptive name for the connection, for example, "SentinelOne Connection".
  4. In Management Hostname, enter the hostname portion of your SentinelOne domain.
    If your SentinelOne domain is u1234-s123.sentinelone.net, for example, enter the hostname u1234-s123.
  5. In API Token, paste the API user token that you noted in Generate an API token in SentinelOne.
  6. Click SAVE.
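
The Management Hostname rule from step 4, as an added Python example that is not part of the Alert Logic or SentinelOne documentation: it derives the hostname portion from a pasted console URL or domain and rejects values outside that domain. The function name `management_hostname` and the assumption that the domain always ends in `.sentinelone.net` (taken from the example above) are this example's own.

```python
import re
from urllib.parse import urlsplit

# Assumption: console domains end in this suffix, as in the page's example.
DOMAIN_SUFFIX = ".sentinelone.net"
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def management_hostname(value: str) -> str:
    """Return the value to enter in the Management Hostname field.

    Accepts a bare hostname, a full domain, or a console URL copied from
    the browser. Raises ValueError for anything else, including domains
    that only contain the SentinelOne suffix somewhere in the middle.
    """
    text = value.strip().lower()
    if not text:
        raise ValueError("empty value")
    # urlsplit only fills in .hostname when a scheme or '//' is present.
    if "//" not in text:
        text = "//" + text
    # .hostname drops any port, path, or user-info part of the input.
    host = (urlsplit(text).hostname or "").rstrip(".")
    if host.endswith(DOMAIN_SUFFIX):
        host = host[: -len(DOMAIN_SUFFIX)]
    # What remains must be a single label; a dot means a foreign domain.
    if not LABEL_RE.fullmatch(host):
        raise ValueError(f"not a SentinelOne management hostname: {value!r}")
    return host


if __name__ == "__main__":
    # Constructed sample inputs based on the domain used in this page.
    for sample in ("u1234-s123.sentinelone.net",
                   "https://U1234-S123.sentinelone.net/dashboard",
                   "u1234-s123"):
        print(sample, "->", management_hostname(sample))
```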

Use the connection in automated response

After you save the connection, you can use it for the simple response SentinelOne: Isolate Host.

For more information about automated response, see Get Started with Automated Response.

Manage connections

You can view the list of connections and edit or delete an existing one. For more information, see Manage Connections.