> ## Documentation Index
> Fetch the complete documentation index at: https://docs.leen.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# SentinelOne VMS Instructions

> Instructions on how to generate credentials for SentinelOne's VMS integration with the required permissions.

For Leen to authenticate with SentinelOne, we require the following:

1. **Base URL**: The Base URL is the URL you use to manage your SentinelOne deployment. The Base URL has the format `https://<host>.sentinelone.net`.
2. **API Token**: A unique API token generated by a SentinelOne user. In the following section, we will cover how to create a Service User and generate an API token with the minimum scope of access.

<Warning>
  To use the SentinelOne VMS integration, you need to enable the Ranger Insights for your SentinelOne deployment. Log in to the SentinelOne console, go to the Sites page, select your site, click Edit Site and enable the **Vulnerability Management** option as shown below.

  <img src="https://mintcdn.com/leen/v5iddL0dhlngJwjt/images/sentinelone/ranger-insights.png?fit=max&auto=format&n=v5iddL0dhlngJwjt&q=85&s=d93385797d0e4e154b010b4fdc798620" alt="" width="721" height="997" data-path="images/sentinelone/ranger-insights.png" />
</Warning>

## User setup and Permissions

We highly recommend creating a new dedicated service user for the integration. This is to prevent a user from being removed from SentinelOne and disrupting your data ingestion.

Here is how you can create a new service user with the minimum required permissions for the integration:

<Steps>
  <Step title="Create a new Service User">
    In the SentinelOne console, navigate to the `Settings` page and click on `Users`. Here, select the `Service Users` option in the left hand menu and select **Create New Service User** from the Actions dropdown menu.

    <img src="https://mintcdn.com/leen/v5iddL0dhlngJwjt/images/sentinelone/create-user.png?fit=max&auto=format&n=v5iddL0dhlngJwjt&q=85&s=5562fecafabad78a5ab4a9e9256eb01f" alt="" width="970" height="382" data-path="images/sentinelone/create-user.png" />
  </Step>

  <Step title="Configure Service User">
    You will then be prompted to configure your new Service User. Give the user a name and description, and then set the **Expiration Date** to a time period that suits your organization's security policy.

    <Warning>Leen will not automatically renew the API token associated with this Service Account, you will have to manually create a new user and update your Leen connection with the new API token every time you provision a new Service User.</Warning>

    <img src="https://mintcdn.com/leen/v5iddL0dhlngJwjt/images/sentinelone/user-config.png?fit=max&auto=format&n=v5iddL0dhlngJwjt&q=85&s=76b20105887086700dff153ab5d298cd" alt="" width="593" height="433" data-path="images/sentinelone/user-config.png" />
  </Step>

  <Step title="Select User Scope of Access">
    After creating the user, you will be prompted to assign the new user a scope of access. The user will require the **Viewer** role to access the data required for the integration. We do not recommend giving the user any additional permissions.

    <img src="https://mintcdn.com/leen/v5iddL0dhlngJwjt/images/sentinelone/user-scope.png?fit=max&auto=format&n=v5iddL0dhlngJwjt&q=85&s=9a2eccdf455d3720cf4d5e42c34d1860" alt="" width="544" height="685" data-path="images/sentinelone/user-scope.png" />
  </Step>

  <Step title="Generate API Token">
    After creating the user, SentinelOne will generate an API token for your new Service User. This token is required to authenticate with the SentinelOne API. Copy the token and store it in a secure location. You will need to provide this token to Leen when setting up the integration.

    <img src="https://mintcdn.com/leen/v5iddL0dhlngJwjt/images/sentinelone/api-token.png?fit=max&auto=format&n=v5iddL0dhlngJwjt&q=85&s=4725229c8f1501826f88429cd06dfd85" alt="" width="609" height="451" data-path="images/sentinelone/api-token.png" />
  </Step>
</Steps>