Ask the Community
Groups
Configuring the SentinelOne Monitor - Connect IT Community | Kaseya
<main> <article class="userContent"> <h2 data-id="access-sentinelone-threats-on-your-rocketcyber-dashboard">Access SentinelOne threats on your RocketCyber dashboard</h2> <h3 data-id="overview">Overview</h3> <p>The Sentinel One App is designed to retrieve all threat data from the SentinelOne dashboard. It is designed to operate across all sites within your SentinelOne dashboard. This means that you will not have to authenticate the app to each customer within the RocketCyber console.</p> <h3 data-id="required-permissions">Required Permissions</h3> <p>The account that you logon to the SentinelOne dashboard and generate the API Token with must have access to the threat data. Typically this is provided with the SOC role that is a predefined role in the SentinelOne Dashboard.</p> <h3 data-id="how-to-set-up">How to Set Up</h3> <ol><li>Find your SentinelOne API Token <ol><li>Log in to the SentinelOne portal. <strong>Copy the URL</strong> you use to do this, as it will be needed later. It should be something like <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fusea1-rocketcyber.sentinelone.net">https://usea1-rocketcyber.sentinelone.net</a>. <ol><li> <strong>DO NOT</strong> include any extra part of the URL after .net/.com (such as <em>/dashboard </em>or <em>/console</em>)</li> </ol></li> <li>Go to the user menu on the right and select <strong>My User</strong> <figure><img src="https://us.v-cdn.net/6032361/uploads/migrated/QNZEW034FI9D/screen-shot-2020-04-01-at-10-23-51-am.png" alt="screen-shot-2020-04-01-at-10-23-51-am.png" class="embedImage-img importedEmbed-img"></img></figure></li> <li>There may be an option to Generate API Token on the main user page. If not, go to Options > Generate API Token<br><br><img src="https://us.v-cdn.net/6032361/uploads/migrated/YQ4CDCUOAX6M/screen-shot-2020-04-01-at-10-24-22-am.png" alt="screen-shot-2020-04-01-at-10-24-22-am.png" class="embedImage-img importedEmbed-img"></img></li> <li>Copy the generated token</li> </ol></li> </ol><ol><li><a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Frocketcyber%2Fhc%2Fen-us%2Farticles%2F360017915717" rel="noopener nofollow">Set up your Antivirus-RocketCyber mapping if you have not already done so</a></li> <li>Add the API Token and URL to your SentinelOne App configurations <ol><li>Go to your RocketCyber dashboard</li> <li>Enable the SentinelOne App in the App Store if you have not already done so</li> <li>Click the gear on the SentinelOne App to access the configuration menu</li> <li><a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Frocketcyber%2Fhc%2Fen-us%2Farticles%2F360017915717" rel="noopener nofollow">Set up customer mapping so your detections are routed to the correct customer</a></li> <li>Paste the API Token into the API Token box</li> <li>Paste your SentinelOne login URL into the URL box</li> <li>Click <strong>Authenticate</strong> </li> </ol></li> <li>Enjoy the convenience of SentinelOne threats delivered directly to your RocketCyber dashboard!</li> </ol><h3 data-id="important-details">Important Details</h3> <ol><li>This API token will last for 6 months. After that time you will need to follow this procedure again. <ol><li>You will get a warning in your app one week before the token expires</li> <li>To refresh the token, follow the exact same procedure outlined above.</li> <li>Paste the new API Token into the box, exactly like the first time. It will overwrite the old token</li> </ol></li> <li>If at any time you wish to revoke that token, you can click <strong>Revoke API token</strong> in the SentinelOne user menu, one item above the <em>Generate API token</em> option</li> </ol> </article> </main>