Integrate with SentinelOne

In this topic, you will learn how to set up the integration between Portnox™ Cloud and SentinelOne.

Important:
Prerequisite: Integration with SentinelOne requires one of the following conditions:

  • User devices have AgentP installed.

  • Portnox Cloud is integrated with Microsoft Intune, and user devices have SCEP certificates containing the device’s Intune ID in the SAN field.

  • Portnox Cloud is integrated with Jamf, and user devices have SCEP certificates containing the device’s Jamf ID in the SAN field.

If none of these conditions are met, Portnox Cloud cannot obtain device risk information from SentinelOne, and the integration will have no effect on risk assessment policies.

  1. Obtain an API token from SentinelOne:
    1. In the SentinelOne main menu, navigate to Settings > Service Users > Actions > Create New Service User.

    2. In the Create New Service User window, enter a Name for this service user, and in the Expiration Date field, select the 1 Year option. Then, click on the Next button.

    3. In the Select Scope of Access window, set access as Viewer for the Default site, and then click on the Create User button.

    4. In the API Token for... window, click on the Copy API Token link.

      Note:
      Save this token in a temporary text file. You will need it later.
  2. In the Cloud portal top menu, click on the Settings option.

  3. In the Cloud portal left-hand side menu, click on the Integration Services > SENTINELONE option.

  4. Enable SentinelOne integration
    1. Under the SentinelOne heading and description, click on the Edit link.

    2. Click on the Disabled/Enabled switch to put it in the Enabled position.

    3. In the API URI field, enter the base URI for your SentinelOne tenant without the trailing slash, for example, https://your_organization.sentinelone.net.

    4. In the API Token field, paste the token that you copied earlier from SentinelOne.

    5. Click on the Save button.
    6. Click on the Test link to test your integration settings.
      Note:
      We highly recommend testing this integration before using it in practice.

Result: Your SentinelOne integration is now active.