For Leen to authenticate with SentinelOne, we require the following:

  1. Base URL: The Base URL is the URL you use to manage your SentinelOne deployment. The Base URL has the format https://<host>.sentinelone.net.
  2. API Token: A unique API token generated by a SentinelOne user. In the following section, we will cover how to create a Service User and generate an API token with the minimum scope of access.

To use the SentinelOne VMS integration, you need to enable the Ranger Insights for your SentinelOne deployment. Log in to the SentinelOne console, go to the Sites page, select your site, click Edit Site and enable the Vulnerability Management option as shown below.

User setup and Permissions

We highly recommend creating a new dedicated service user for the integration. This is to prevent a user from being removed from SentinelOne and disrupting your data ingestion.

Here is how you can create a new service user with the minimum required permissions for the integration:

1

Create a new Service User

In the SentinelOne console, navigate to the Settings page and click on Users. Here, select the Service Users option in the left hand menu and select Create New Service User from the Actions dropdown menu.

2

Configure Service User

You will then be prompted to configure your new Service User. Give the user a name and description, and then set the Expiration Date to a time period that suits your organization’s security policy.

Leen will not automatically renew the API token associated with this Service Account, you will have to manually create a new user and update your Leen connection with the new API token every time you provision a new Service User.

3

Select User Scope of Access

After creating the user, you will be prompted to assign the new user a scope of access. The user will require the Viewer role to access the data required for the integration. We do not recommend giving the user any additional permissions.

4

Generate API Token

After creating the user, SentinelOne will generate an API token for your new Service User. This token is required to authenticate with the SentinelOne API. Copy the token and store it in a secure location. You will need to provide this token to Leen when setting up the integration.