SentinelOne

This document provides the steps required to configure the SentinelOne Inspector.

👍

Quick Details

Recommended Agent: On-Demand
Supported Agents: On-Demand or Self-Hosted
Is Auto-Discovered By: N/A
Can Auto-Discover: SentinelOne Child Inspectors
Parent/Child Type Inspector: Yes
Inspection via: API
Data Summary: Here

See it in Action

Video isn't playing? Click here.

📘

SentinelOne User Information

The SentinelOne Inspector only pulls user accounts from the SentinelOne Management Console.

Inspector Setup Preparation

The SentinelOne Inspector is used to inspect the SentinelOne management console via their API. The Inspector returns data on SentinelOne sites and their statuses.

📘

Existing SentinelOne User Account

To set up this Inspector, you can use an existing SentinelOne user account as long as the user has Account-level access and has a "Viewer" or "Administrator" role.

If you are using an existing account, move to Step 3.

Step 1: Create a User Account for Liongard and Set Account Permissions

  1. Log in to your SentinelOne management console with an Administrator account.
  2. Navigate to Settings > Users Tab and click New User to start the process.
  1. Enter an appropriate name and email address and click Next
  • Recommended Name: Liongard
  • On the next screen, select Account and select the account(s) Liongard should have access to.
  • Set the account rights to Viewer and select Create User

Step 2: Activate your New Account

If creating a new user, an email will be sent to the email address you provided when setting up the user. You will need to follow a link in the email to verify the email address for the new account and set a new secure password.

Record the email address and password in a secure location. You will need to enter these into Liongard.

Step 3 (Optional): Generate an API Key

There are two ways to configure the SentinelOne Inspector in Liongard, through a username and password OR through an API Key.

We recommend configuring the Inspector with an API Key if the user account you are using has MFA enabled.

If you are using a username and password to configure the Inspector, move to Step 4.

Steps to Generate an API Key

  1. Log in to the Management Console as the user you are using to configure the SentinelOne Inspector and navigate to Your Name > My User in the top righthand corner.
  2. Select Options > Generate API Token
  3. A new window will open with the API Token, select Copy and record the token in a secure place.

Step 4: Record your SentinelOne Instance ID

Your SentinelOne instance ID is part of your Management Console URL. It appears before "sentinelone.net"

Record your Instance ID to enter it into Liongard when setting up the Inspector.

Liongard Inspector Setup

Step 1: Parent Inspector Setup

Since SentinelOne is a multi-tenant system where a single portal is used to manage many Environments, you will set up a single "Parent" Inspector with the access credentials for your SentinelOne portal that will then auto-discover "Child" Inspectors for each Environment.

In Liongard, navigate to Admin > Inspectors > Navigate to the SentinelOne Inspector > Add System.

Fill in the following information:

  • Type of Inspector: Parent
  • Environment: Select your MSP's Environment
  • Friendly Name: Suggested Naming: [MSP Name] SentinelOne Parent
  • Agent: Select On-Demand Agent
  • Inspector Version: Latest
  • SentinelOne Username: Email address of account created for Liongard previously.
    • If you are using an API Key to configure the Inspector, leave this field blank.
  • SentinelOne Password: Password for the above account.
    • If you are using an API Key to configure the Inspector, leave this field blank.
  • SentinelOne API Key: The SentinelOne API Key generated above.
    • If you are using a username and password to configure the Inspector, this field is not necessary.
  • SentinelOne Instance: This is the part of your SentinelOne URL for your instance that you recorded earlier. This should only be the Instance ID and should not contain .sentinelone.net or https://
  • Scheduling: The Inspector will default to run once a day at the time the Inspector is set up. Here you can adjust the schedule.

Select Save. The Inspector will now be triggered to run within the minute

Step 2: Child Inspector Setup

After the first run of the Parent Inspector, your SentinelOne client sites will be Auto-Discovered in the Discovered Systems tab on the Inspectors > SentinelOne page.

Navigate to the Discovered Systems tab in your Inspectors > SentinelOne page

  • Activate or Archive your Discovered Systems by ensuring that they're mapped to the correct Environment > Check the checkbox to the left of Inspector(s) > Select the Actions drop down menu > Activate Launchpoints

Optional: Turn on Flexible Asset/Configuration Auto-Updating

If you would like this Inspector's data to be sent to ConnectWise and/or IT Glue, turn on Flexible Assets/Configurations for this Inspector:

  • ConnectWise: Admin > Integrations > ConnectWise > Connfiguration Types > Confirm the "Configuration Auto-Updating" toggle is enabled
  • IT Glue: Admin > Integrations > IT Glue > Flexible Assets > Confirm the "Flexible Asset Auto-Updating" toggle is enabled

Inspector FAQs


Did this page help you?