Connecting to SentinelOne

Overview

With BrightGauge’s integration to SentinelOne, you can visualize information related to threats detected and agents by SentinelOne within BrightGauge, and display that information on your dashboards. 

SentinelOne Integration Setup

  1. Navigate to the DATA dropdown.

  2. Select Datasources.
    SentinelOne_BrightGauge_1.png


  3. Click Add a New Datasource
    SentinelOne_BrightGauge_2.png



  4. Navigate to the Security tab and select SentinelOne
    SentinelOne_BrightGauge_3.png


  5. Enter the email address associated with your account in the Name field. 
    SentinelOne_BrightGauge_4.png


  6. Enter the subdomain (URL) for your SentinelOne instance in the Subdomain field. Please be sure to exclude the "/" character at the end of your URL. Leaving it would cause both the data source to break and/or dataset authentication errors.


  7. Enter the SentinelOne API Token.
    1. To locate the API token, navigate to SentinelOne.
    2. Select My User.
    3. Click Options.
    4. Select Generate API Token. If this is not the first time you have done this it will say Regenerate API Token.


  8. Click Test Connection
    SentinelOne_BrightGauge_5.png


  9. Click Save.

Default Datasets

To locate your datasets, navigate to DATA > Datasets.

  • SentinelOne Agents Mod
  • SentinelOne Threat Info Mod.

SentinelOne Gauges and Dashboards

Once setup is complete you will have access to a list of new gauges displaying information from SentinelOne.

SentinelOne - Threats

Image_2022-11-09_at_10.11.46_AM.jpg

SentinelOne - Agents

Image_2022-11-09_at_10.12.48_AM.jpg

 

 

Was this article helpful?
7 out of 16 found this helpful

Comments

0 comments