Configuring SentinelOne

Accessing SentinelOne threats on your RocketCyber dashboard

Overview

The SentinelOne App is designed to retrieve all threat data directly from the SentinelOne dashboard. It operates across all sites within your SentinelOne dashboard, eliminating the need to authenticate the app for each organization within the RocketCyber console.

Required permissions

To log in to the SentinelOne dashboard and generate the API Token, your account must have access to the threat data. This access is typically granted through the SOC role, which is a predefined role in the SentinelOne Dashboard.

Finding your API Key for SentinelOne

To locate your API key for SentinelOne, follow the steps below:

1. Log in to your SentinelOne Cloud console and click Settings.

2. Select the Users tab.

3. Click Service Users.

4. Click Actions and then select Create New Service User.

5. In the Create New Service User pop-up window that opens, enter a Name and Description, then select an Expiration Date.

6. Click Next.

7. Select the Scope of Access. SentinelOne uses scope settings to define what the API key can access. The correct scopes should be automatically selected. If not, configure them with the following settings:

  • If you manage multiple customers:

    • Under Select Scope of Access, click Site.

    • Select the customer's site you are configuring monitoring for.

  • If you manage only one customer or your own organization:

    • Under Select Scope of Access, click Account.

    • Select the account that the user should have access to.

8. Click Create User.

9. In the pop-up window, click Copy API Token to copy the API key to your clipboard, or click Download API Token to download a copy of the API key.

IMPORTANT  Document and store the API token value carefully, as it cannot be retrieved later.

Locating the API Domain

Before you set up the integration in RocketCyber, you also need to locate your API domain. This domain is displayed in the URL of your SentinelOne Cloud console and should resemble https://usea1-rocketcyber.sentinelone.net.

NOTE  Make sure to exclude any additional parts of the URL after the domain (such as /dashboard or /console).
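The trimming described in the note above can be done with a small helper before the value is pasted next to the API token. This is an added example, not RocketCyber or SentinelOne code. The function name api_domain is hypothetical, and the sentinelone.net suffix check is an assumption taken from the sample URL on this page.

```python
from urllib.parse import urlsplit

# Assumption: cloud consoles live under sentinelone.net, as in the page's sample URL.
EXPECTED_SUFFIX = ".sentinelone.net"


def api_domain(console_url: str) -> str:
    """Reduce a URL copied from the browser to the bare https://host form."""
    raw = console_url.strip()
    if "://" not in raw:
        raw = "https://" + raw  # address bars often hide the scheme
    parts = urlsplit(raw)
    if parts.scheme.lower() != "https":
        raise ValueError("API domain must use https so the token is not sent in clear text")
    if parts.username is not None or parts.password is not None:
        raise ValueError("URL must not embed credentials (user@host form)")
    host = (parts.hostname or "").rstrip(".")  # urlsplit lowercases the host
    if not host:
        raise ValueError("no host name found in URL")
    if parts.port not in (None, 443):
        raise ValueError(f"unexpected port {parts.port}")
    if not host.endswith(EXPECTED_SUFFIX):
        # Catches look-alikes such as name.sentinelone.net.other.example
        raise ValueError(f"{host!r} is not under {EXPECTED_SUFFIX}")
    # Path, query and fragment (/dashboard, /console, ...) are dropped here.
    return f"https://{host}"


if __name__ == "__main__":
    # Constructed sample inputs, based on the example URL shown on this page.
    samples = [
        "https://usea1-rocketcyber.sentinelone.net/dashboard",
        "usea1-rocketcyber.sentinelone.net/console?tab=threats",
        "http://usea1-rocketcyber.sentinelone.net",
        "https://usea1-rocketcyber.sentinelone.net.other.example/",
    ]
    for url in samples:
        try:
            print(f"OK      {url} -> {api_domain(url)}")
        except ValueError as err:
            print(f"REJECT  {url}: {err}")
```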

Enabling the SentinelOne App in RocketCyber's App Store

In RocketCyber:

1. Click App Store in the sidebar menu.

2. Scroll down until you find the SentinelOne Monitor.

3. Turn on the toggle so that it is green.

Adding the API Token and URL to your SentinelOne App configurations

1. Click Integrations in the sidebar menu.

2. Click the Endpoint Security tab.

3. Select the SentinelOne Monitor tab.

4. Copy the API Token and paste it into the Enter your SentinelOne Api Token field.

5. Copy your SentinelOne login URL and paste it into the Enter your SentinelOne URL field.

6. Click Authenticate.