SentinelOne Ranger creates visibility into your network by using distributed passive and active mapping techniques to discover running services, unmanaged endpoints, IoT devices, and mobiles.
Integrating with SentinelOne Ranger will provide visibility into the presence of devices observed by the SentinelOne agent.
This integration pulls all devices from networks within SentinelOne Ranger that have a minimum 5 agents present.
- Configure plugin: Configure SentinelOne
|The URL used to access the source|
|The API key used to identify the authorization and permissions|
|(Optional) fetch devices associate with only the specified Account IDs. Comma separated||`12333333333333333,1234444444444444444'|
|(Optional) fetch devices associate with only the specified Site IDs. Comma separated|
Configure Name: OPTIONAL: You can give the configuration a name to provide an identifiable attribute of the configuration to delineate other similar configurations.
Activate Config: To enable this configuration and begin pulling data select "Activate". If you wish to save the configuration to come back later to finish, select "Save Draft". This will save the configuration, but keep it disabled until Activated.
You'll be asked to provide source credentials that Sevco will use to connect to SentinelOne. The following steps will guide you in acquiring an API Token.
- Click on your username in the top right corner -> Click My User
- Next to API Token, click "generate".
The following permissions are required:
The user generating the API key must have at least Viewer permissions.
If you're having problems integrating a source, or if you've found something wrong in this document, please email us at [email protected].
Tags: cloud, epp-edr
Updated about 1 month ago