- Cloud Collectors Overview
- Administration
- Administrative Access
- Shareable Service Accounts
- Add Accounts for AWS Cloud Collectors
- Add Accounts for Cisco Duo Cloud Collector
- Add Accounts for Google Cloud Collectors
- Add Accounts for Microsoft Cloud Collectors
- Add Accounts for Okta Cloud Collectors
- Add Accounts for Salesforce Cloud Collectors
- Add Accounts for Splunk Cloud Collectors
- Add Accounts for Trend Micro Cloud Collectors
- Define a Unique Site Name
- Sign Up for the Early Access Program
- Onboard Cloud Collectors
- Abnormal Security Cloud Collector
- AWS CloudTrail Cloud Collectors
- AWS CloudWatch Cloud Collector
- AWS S3 Cloud Collector
- AWS SQS Cloud Collector
- Azure Activity Logs Cloud Collector
- Azure Log Analytics Cloud Collector
- Azure Event Hub Cloud Collector
- Azure Storage Analytics Cloud Collector
- Cato Networks Cloud Collector
- Cisco Duo Cloud Collector
- Cisco Umbrella Cloud Collector
- Cribl Cloud Collector
- CrowdStrike Cloud Collectors
- GCP Pub/Sub Cloud Collector
- Microsoft Defender XDR (via Azure Event Hub) Cloud Collector
- Microsoft Entra ID Context Cloud Collector
- Microsoft Entra ID Logs Cloud Collector
- Microsoft 365 Exchange Admin Reports Cloud Collector
- Supported Sources from Microsoft 365 Exchange Admin Reports
- Migrate to the Microsoft 365 Exchange Admin Reports Cloud Collector
- Prerequisites to Configure the Microsoft 365 Exchange Admin Reports Cloud Collector
- Configure the Microsoft 365 Exchange Admin Reports Cloud Collector
- Troubleshooting the Microsoft 365 Exchange Admin Reports Cloud Collector
- Microsoft 365 Management Activity Cloud Collector
- Microsoft Security Alerts Cloud Collector
- Microsoft Sentinel (via Event Hub) Cloud Collector
- Netskope Alerts Cloud Collector
- Netskope Events Cloud Collector
- Okta Cloud Collector
- Okta Context Cloud Collector
- Palo Alto Networks Cortex Data Lake Cloud Collector
- Proofpoint On-Demand Cloud Collector
- Proofpoint Targeted Attack Protection Cloud Collector
- Salesforce Cloud Collector
- SentinelOne Alerts Cloud Collector
- SentinelOne Cloud Funnel Cloud Collector
- SentinelOne Threats Cloud Collector
- Splunk Cloud Collector
- Symantec Endpoint Security Cloud Collector
- Trend Vision One Cloud Collector
- Zscaler ZIA Cloud Collector
- Webhook Cloud Collectors
- Wiz Issues Cloud Collector
- Troubleshooting Cloud Collectors
Prerequisites to Configure the SentinelOne Alerts Cloud Collector
Complete the following prerequisites to configure the SentinelOne Alerts Cloud Collector:
Obtain the API Base URL for SentinelOne.
Obtain the API Base URL of SentinelOne by accessing the SentintelOne management console. For example:
https://<tenant-name>.sentinelone.net
. The API base URL helps in endpoint identification, routing of API calls, authentication and security, and configuration of applications that communicate with the SentinelOne APIs.Obtain the API token.
You can create an API token by creating a service user on the SentintelOne management console.
Obtain the Site IDs.
Within the SentinelOne management console, Site IDs are unique identifiers assigned to individual sites. The Site IDs help to organize and manage different groups of endpoints for applying policies, monitoring activities, and controlling security settings across multiple sites.
On the SentinelOne management console, navigate to Settings > SITES > Click the site for which you want to obtain the Site ID from the list of sites > Click SITE INFO.
Obtain the API Token for Service Users
If you want to customize the API token validity and set the expiration date, use the service user token.
To obtain the API token for service users:
Log in to the SentinelOne Management Console as an administrator.
Navigate to Settings > Users.
Click Service Users.
Click Actions > Create New Service User.
Enter the name and description for the new service user and select the Expiration Date.
In the Select Scope of Access section, select the account or site for which you want to get the data. Then select the role for the user. For example: Viewer.
Click Create User.
The API Token section displays an API Token represented by a string of letters and numbers.
Click Copy API Token.
Record the API Token to further use this value while configuring the cloud collector.