Skip to main content

SentinelOne - User Guide

In this article, you will understand step by step how to easily integrate with SentinelOne

SentinelOne is an endpoint detection and response (EDR) platform that provides autonomous threat prevention, detection, and response across endpoints, cloud workloads, and IoT devices. It uses AI-powered behavioral analysis to detect and respond to threats in real-time.

Permissions for SentinelOne Integration

Viewer role is the minimum required permission for read-only access to:

  • Agents (devices)

  • Alerts

  • System information

How to Connect Scytale and SentinelOne

1. In Scytale, go to 'Integrations'.

2. Search for SentinelOne and select 'Connect'.

3. Enter your Tenant ID (This is typically your sub-domain. E.g. https://<TENANT-ID>.sentinelone.net)

4. Paste your API key

5. Add a connection name - this will be used to differentiate between your connections - and then select 'Connect'.

You have now successfully connected to SentinelOne!

How to create an API Key in SentinelOne

  1. API token generation for Admin:

    1. In user perspective, open ‘My User’

    2. Select Actions → API Token Operations → Generate API Token (copy the API Token)

  2. API token via Service User

    1. Go to Settings → Users Service Users


    2. Select Actions → Create Service user

    3. Assign the Viewer role (minimum required)


    4. Copy the API token immediately (shown only once!)

Related Articles
Wiz - User Guide
JumpCloud - User Guide
SentinelOne - User Guide
Sophos - User Guide
Splunk -User Guide
Did this answer your question?