description |
---|
This document outlines the requirements and setup for the SentinelOne integration. |
{% hint style="success" %} This Integration supports multiple instances
Check out the instructions to set up multiple instances here. {% endhint %}
Before configuring the Rewst integration you must generate an API user.
- Go to Settings In the SentinelOne management console.
- Click Users.
- Click on 'Service Users' in the left panel.
- Select 'Actions → Create New Service User'
- Set a name and an expiration date for the account.
- Click 'Next'.
- Select "Account" as the access level and then select the parent site.
- Set the role to "Admin".
- Click Create User.
- Save the API key information.
Keep in mind that SentinelOne API tokens do have an expiration day (typically 6 months out).
Once you have created an API account, you will need to configure the integration within the Rewst platform.
Follow the below steps to configure a new integration:
- Log in to the Rewst platform.
- Click on the "Integrations" menu on the left sidebar.
- Click on or search for "SentinelOne".
- Complete the form with the details you created:
- Domain: This is the full URL to the SentinelOne tenant
- API Key: The API key that was generated for integration.
- Save the configuration.
Rewst will do a quick validation of your input.
Beneath that integration authentication section you will see the following options:
- Suggest Values: This option will attempt to generate mappings between Rewst organizations and child organizations in this integration.
- Refresh Options: This will re-read the potential mapping options - for both organizations and companies in SentinelOne.
- Save Mappings: This will apply mapping configuration changes.