SentinelOne Integration

Connect Furl to SentinelOne using API credentials for endpoint security management and threat detection.

Description

SentinelOne is a unified endpoint security platform that provides AI-powered threat detection, prevention, and response across Windows, macOS, Linux, and mobile devices. Furl integrates with SentinelOne to import endpoint inventory and application risk data for comprehensive security posture management.

Configuration Steps

1. Create a Service User

   • Log in to your SentinelOne management console
   • Navigate to Policy & Settings
   • Under “User Management” → Service Users
   • Click “New Service User”
   • Give it a name like “Furl Integration”
   • Set expiration based on your organization’s policies
   • Choose the access scope:
     • Account Scope = access to All Customers
     • Site Scope = access to one or more Sites/Customers
   • Copy the API Token that is generated

2. Note Your Management URL

   • The Management URL is the base URL of your SentinelOne console
   • Typically in the format: https://<yourcompany>.sentinelone.net
   • This URL will be used for API authentication

Required Configuration

Provide the following in Furl:

• API Token - Your SentinelOne API token for authentication
• Management URL - The base URL of your SentinelOne management console (e.g., https://yourcompany.sentinelone.net)

Datasource Configuration

Endpoints

The Endpoints datasource retrieves comprehensive endpoint inventory including:

• Device details and OS information across Windows, macOS, Linux, and mobile devices
• Network interface data including IP addresses, MAC addresses, and interface names
• Agent version and last seen status information
• Organizational grouping and device classification

Application Management Risks

The Application Management Risks datasource provides:

• Vulnerable applications and security threats
• Application names, associated CVEs, and risk levels (Critical to Low severity)
• Affected device information

Supported Capabilities

Datasources

• Endpoints → Import comprehensive endpoint inventory from SentinelOne to understand your device landscape and security posture
• Application Management Risks → Import application risk data to identify vulnerable applications and prioritize remediation efforts

Actions

Currently no actions are supported for this integration.

Troubleshooting

• Ensure your Service User has the necessary permissions for endpoint and application risk data access
• Check that your SentinelOne account has API access enabled
• Verify your API token is valid and hasn’t expired (tokens typically expire after 6 months)
• Ensure your Management URL is correct and accessible
• Verify your Service User has the required permissions and hasn’t expired

Important Notes

• API tokens in SentinelOne have an expiration date, typically set to six months
• Set a reminder to regenerate the token before it expires to ensure uninterrupted integration
• The API Token will only be visible one time and cannot be reopened - store it securely before closing the window
• There is no way to refresh an API token; it must be deleted and recreated if needed

Back to Integrations

Documentation Home