SentinelOne

API creation and configuration

  1. To create the API, first create the role: go to “Policy & Settings” ⇒ “Roles” and create a new role (Role Scope: “Account”)

  2. Select all of the permissions below:

    • Endpoints → View, View Threats
    • Endpoint Threats → All permissions
    • Accounts → View
    • Groups → View
    • Roles → View
    • SDL Alerts → All permissions
    • SDL Search → View, Edit, Create
    • STAR Rule Alerts → All permissions
    • Sites → View
    • Unified Alerts → All permissions
  3. Now go to “Service Users” and create the user

  4. Set the expiration date to 1 year and assign the role you just created

  5. Copy all the info above to the RedCarbon ingestions page