Skip to main content

CollectorsCloud Collectors Administration Guide

Table of Contents

Prerequisites to Configure the SentinelOne Alerts Cloud Collector

Complete the following prerequisites to configure the SentinelOne Alerts Cloud Collector:

  • Obtain the API Base URL for SentinelOne.

    Obtain the API Base URL of SentinelOne by accessing the SentintelOne management console. For example: https://<tenant-name>.sentinelone.net. The API base URL helps in endpoint identification, routing of API calls, authentication and security, and configuration of applications that communicate with the SentinelOne APIs.

  • Obtain the API token.

    You can create an API token by creating a service user on the SentintelOne management console.

  • Obtain the Site IDs.

    Within the SentinelOne management console, Site IDs are unique identifiers assigned to individual sites. The Site IDs help to organize and manage different groups of endpoints for applying policies, monitoring activities, and controlling security settings across multiple sites.

    On the SentinelOne management console, navigate to Settings > SITES > Click the site for which you want to obtain the Site ID from the list of sites > Click SITE INFO.

    SITE_ID_2.png

Obtain the API Token for Service Users

If you want to customize the API token validity and set the expiration date, use the service user token.

To obtain the API token for service users:

  1. Log in to the SentinelOne Management Console as an administrator.

  2. Navigate to Settings > Users.

  3. Click Service Users.

  4. Click Actions > Create New Service User.

    SentinelOne_console_1.png
  5. Enter the name and description for the new service user and select the Expiration Date.

    SentinelOne_console_2.png
  6. In the Select Scope of Access section, select the account or site for which you want to get the data. Then select the role for the user. For example: Viewer.

    SentinelOne_console_4.png
  7. Click Create User.

    The API Token section displays an API Token represented by a string of letters and numbers.

    SentinelOne_console_5.png
  8. Click Copy API Token.

    Record the API Token to further use this value while configuring the cloud collector.