Integrating SentinelOne with SecurityCoach
In this article, you will learn how to integrate SentinelOne’s endpoint protection platform (EPP) with SecurityCoach. Once the integration is complete, data provided by SentinelOne will be available for use under the SecurityCoach tab of your KMSAT console. This data can be viewed in SecurityCoach reports and used to create detection rules for real-time coaching campaigns. For general information about SecurityCoach, see our SecurityCoach Product Manual.
Create an API Key
Before you can set up this integration in your KMSAT console, you will need to create a SentinelOne API key in your SentinelOne Cloud console.
To create an API key for SentinelOne, follow the steps below:
- Log in to your SentinelOne Cloud console, then click Settings.
- Select the Users tab.
- Select Service Users.
- Click Actions, then select Create New Service User.
- In the Create New Service User pop-up window that opens, enter a Name and Description, then select an Expiration Date.
- Click Next.
- Select Account, then select Viewer for your account.
- Click Create User.
- In the pop-up window that opens, click Copy API Token to copy the API key to your clipboard, or click Download API Token to download a copy of the API key.
Note: Make sure to save this token to a place that you can easily access later. You will need the key to finish the setup process in the Set Up the Integration in Your KMSAT Console section of this article.
Locate the API Domain
Before you set up the integration in your KMSAT console, you will also need to locate your API domain. This domain is displayed in the URL of your SentinelOne Cloud console.
For example, an API domain looks like “usea1-partners.sentinelone.net”.
You will need this API domain to complete the setup process in the Set Up the Integration in Your KMSAT Console section below.
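The following added example (not KnowBe4 or SentinelOne code) shows one way to reduce a console URL copied from the browser to the bare API domain and to reject look-alike hosts before the value is entered next to an API key. The function name, the `.sentinelone.net` suffix (taken from the example domain above) and the sample URLs are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: console hosts sit under this suffix, as in the example domain above.
ALLOWED_SUFFIX = ".sentinelone.net"


def api_domain_from_console_url(url: str, allowed_suffix: str = ALLOWED_SUFFIX) -> str:
    """Return the bare host for the API Domain field, or raise ValueError."""
    raw = url.strip()
    # Accept a bare host as well as a full URL copied from the address bar.
    if "://" not in raw:
        raw = "https://" + raw
    parts = urlsplit(raw)
    if parts.scheme != "https":
        raise ValueError("console URL must use https")
    # User info before '@' can make a foreign host look like the console host.
    if parts.username is not None or parts.password is not None:
        raise ValueError("URL must not contain user info")
    if parts.port not in (None, 443):
        raise ValueError("unexpected port in console URL")
    # hostname is already lower-cased; drop a trailing root dot if present.
    host = (parts.hostname or "").rstrip(".")
    # Match on a label boundary so 'evilsentinelone.net' and
    # 'sentinelone.net.evil.example' are both rejected.
    if not host.endswith(allowed_suffix) or len(host) == len(allowed_suffix):
        raise ValueError(f"host {host!r} is not under {allowed_suffix}")
    return host


if __name__ == "__main__":
    # Constructed sample inputs; the path is illustrative only.
    samples = [
        "https://usea1-partners.sentinelone.net/dashboard",
        "usea1-partners.sentinelone.net",
        "https://usea1-partners.sentinelone.net@evil.example/",
        "https://sentinelone.net.evil.example/",
    ]
    for sample in samples:
        try:
            print(f"{sample} -> {api_domain_from_console_url(sample)}")
        except ValueError as err:
            print(f"{sample} -> rejected: {err}")
```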
Set Up the Integration in Your KMSAT Console
Once you have created your SentinelOne API key and located your API domain, you can set up the integration in your KMSAT console. To set up the integration in your KMSAT console, follow the steps below:
- Log in to your KMSAT console and navigate to SecurityCoach > Setup > Security Vendor Integrations.
- Locate SentinelOne and click Configure.
- Enter your API Key and the API Domain in the corresponding fields, then click Authorize.
Once you’ve successfully authorized this integration, you can manage detection rules for SentinelOne on the Detection Rules subtab of SecurityCoach. For a full list of available system detection rules for this vendor, see our Which Detection Rules Can I Use with My Vendors? article.