HomeMITRECVE JournalCarbonpediaDocsReleases
SentinelOne

SentinelOne

This guide explains how to integrate SentinelOne Singularity with RedCarbon.

Overview

The SentinelOne integration allows RedCarbon to ingest threats, alerts, and endpoints from the Singularity platform.

Configuration

To configure the integration, you need to create a dedicated Service User with a custom Role in the SentinelOne console.

Step 1: Create a Custom Role

  1. Log in to the SentinelOne console.
  2. Navigate to Policy & Settings > Console Settings > Roles.
  3. Create a new role with Role Scope: "Account".

Create Role

Step 2: Set Permissions

Configure the following permissions for the role:

  • Endpoints: View, View Threats
  • Endpoint Threats: All permissions
  • Accounts: View
  • Groups: View
  • Roles: View
  • SDL Alerts: All permissions
  • SDL Search: View, Edit, Create
  • STAR Rule Alerts: All permissions
  • Sites: View
  • Unified Alerts: All permissions

Set Permissions

Step 3: Create a Service User

  1. Navigate to Policy & Settings > Console Settings > Service Users.
  2. Set the expiration date (e.g., 1 year or "Never" if allowed).
  3. Assign the role created in Step 1.

Create Service User Assign Role

Step 4: Configure RedCarbon

  1. Copy the generated API Token and Base URL.
  2. Log in to the RedCarbon Dashboard.
  3. Navigate to the customer's Integrations page.
  4. Select SentinelOne.
  5. Paste the API Token and Base URL.
  6. Click Save and then Test.

Configure RedCarbon