Configuring the SentinelOne Monitor

Access SentinelOne threats on your RocketCyber dashboard

Overview

The SentinelOne App is designed to retrieve all threat data from the SentinelOne dashboard. It operates across all sites within your SentinelOne dashboard, so you do not have to authenticate the app for each customer within the RocketCyber console.

Required Permissions

The account you use to log in to the SentinelOne dashboard and generate the API Token must have access to the threat data. Typically, this access is provided by the SOC role, a predefined role in the SentinelOne dashboard.

How to Set Up

  1. Find your SentinelOne API Token
    1. Log in to the SentinelOne portal
    2. Go to the user menu on the right and select My User
    3. There may be an option to Generate API Token on the main user page. If not, go to Options > Generate API Token
    4. Copy the generated token
  2. Add the API Token to your SentinelOne App configurations
    1. Go to your RocketCyber dashboard
    2. Enable the SentinelOne App in the App Store if you have not already done so
    3. Go to the customer you will associate with this SentinelOne API token. We recommend you utilize the internal customer account you created for your MSP.
    4. Click the gear on the SentinelOne App to access the configuration menu
    5. Paste the API Token into the box
  3. Enjoy the convenience of SentinelOne threats delivered directly to your RocketCyber dashboard!

Important Details

  1. This API token will last for 6 months. After that time you will need to follow this procedure again.
    1. You will get a warning in your app one week before the token expires
    2. To refresh the token, follow the exact same procedure outlined above.
    3. Paste the new API Token into the box, exactly like the first time. It will overwrite the old token
  2. If at any time you wish to revoke that token, you can click Revoke API token in the SentinelOne user menu, one item above the Generate API token option
  3. All AV data will be reported within a single customer in the RocketCyber dashboard. We recommend you do the integration in your internal customer (i.e. the customer you put your own devices in).

      Future integrations are in development, based on creating a mapping from the assigned site or company in your AV dashboard to the customer name in RocketCyber.