Skip to main content

SentinelOne - User Guide

In this article, you will understand step by step how to easily integrate with SentinelOne

Updated over a week ago

SentinelOne is an endpoint detection and response (EDR) platform that provides autonomous threat prevention, detection, and response across endpoints, cloud workloads, and IoT devices. It uses AI-powered behavioral analysis to detect and respond to threats in real-time.

Permissions for SentinelOne Integration

Viewer role is the minimum required permission for read-only access to:

  • Agents (devices)

  • Alerts

  • System information

How to Connect Scytale and SentinelOne

1. In Scytale, go to 'Integrations'.

2. Search for SentinelOne and select 'Connect'.

3. Paste your API key

4. Add a connection name - this will be used to differentiate between your connections - and then select 'Connect'.

You have now successfully connected to SentinelOne!

How to create an API Key in SentinelOne

  1. API token generation for Admin:

    1. In user perspective, open ‘My User’

    2. Select Actions → API Token Operations → Generate API Token (copy the API Token)

  2. API token via Service User

    1. Go to Settings → Users Service Users


    2. Select Actions → Create Service user

    3. Assign the Viewer role (minimum required)


    4. Copy the API token immediately (shown only once!)

Related Articles
GCP Integrations - User Guide
GCP Resource Manager - User Guide
HiBob - User Guide
Wiz - User Guide
SentinelOne - User Guide
Did this answer your question?