Access SentinelOne threats on your RocketCyber dashboard
The Sentinel One App is designed to retrieve all threat data from the SentinelOne dashboard. It is designed to operate across all sites within your SentinelOne dashboard. This means that you will not have to authenticate the app to each customer within the RocketCyber console.
The account that you logon to the SentinelOne dashboard and generate the API Token with must have access to the threat data. Typically this is provided with the SOC role that is a predefined role in the SentinelOne Dashboard.
How to Set Up
- Find your SentinelOne API Token
- Log in to the SentinelOne portal. Copy the url you use to do this, as it will be needed later. It should be something like https://usea1-rocketcyber.sentinelone.net
- Go to the user menu on the right and select My User
- There may be an option to Generate API Token on the main user page. If not, go to Options > Generate API Token
- Copy the generated token
- Set up your Antivirus-RocketCyber mapping if you have not already done so
- Add the API Token and URL to your SentinelOne App configurations
- Go to your RocketCyber dashboard
- Enable the SentinelOne App in the App Store if you have not already done so
- Click the gear on the SentinelOne App to access the configuration menu
- Set up customer mapping so your detections are routed to the correct customer
- Paste the API Token into the API Token box
- Paste your SentinelOne login url into the URL box
- Click Authenticate
- Enjoy the convenience of SentinelOne threats delivered directly to your RocketCyber dashboard!
- This API token will last for 6 months. After that time you will need to follow this procedure again.
- You will get a warning in your app one week before the token expires
- To refresh the token, follow the exact same procedure outlined above.
- Paste the new API Token into the box, exactly like the first time. It will overwrite the old token
- If at any time you wish to revoke that token, you can click Revoke API token in the SentinelOne user menu, one item above the Generate API token option