SentinelOne

With Perch’s integration to SentinelOne, you can store, search, and visualize all the threats detected by SentinelOne within Perch, and let the Perch Security Analysts triage threats detected by SentinelOne alongside all your data in Perch.

Generate a SentinelOne API key for Perch to collect logs
Click here to go to the SentinelOne settings in the Perch app
Enjoy

Generate SentinelOne API Key

In order for Perch to access your SentinelOne logs, you must provide Perch with your SentinelOne API user token.

Log in to the Management Console as an Admin
Navigate to Settings > Users
Click on the Admin user you want to get a token for
- A new user could be created but is not required (A Viewer user role is sufficient for Perch to query the SentinelOne API)
Click on the Generate link next to Api Token
A new window will open with the API Token Click on Copy
You will also need your SentinelOne API URL

Copy API Token

Set up the integration in Perch

Login to the Perch app
Navigate to the Settings page
Navigate to the Integration section of the Settings page
Scroll until you see the SentinelOne integration
Click Install
Then click the right-facing chevron to enter the configuration page for the SentinelOne integration

In the Perch SentinelOne Authentication panel, paste your API Token

Perch SentinelOne Settings

Enter your SentinelOne URL (without https://)

URL Formatting

Set an expiration date for your API Token (optional)

API Token Expiration

Click “Save and Test”

Completed Integration

Enable log ingestion

Like all Perch integrations, you can enable or disable Sentinel One log ingestion at any time by toggling the switch from “OFF” ( gray ) to “ON” ( purple ), or the other way around.

Once you enable the log ingestion, you will receive a success message which you can toggle to see the health status of your integration.

Enable Log Ingestion / Health Status

API Token Warnings/Expiration

When your API Token is about to expire (if you set up an expiration date), you will get a warning letting you know how many days you have left before your Token expires.

Token Expiration Warning

When your API Token is expired you will get a notification letting you know you need to regenerate your API Token in SentinelOne in order to re-enable your integration.

Token Expired Warning

Still having trouble? Reach out to one or our specialists at help@perchsecurity.com

Auth0

Auvik

AWS CloudTrail

Bitdefender

Carbon Black

Cisco AMP For Endpoints

Cisco Duo

Cisco Meraki

Cisco Umbrella

ConnectWise Automate

ConnectWise Automate Advanced Monitoring

ConnectWise Control

ConnectWise Manage

Datto Autotask PSA

Freshdesk

Google Workspace / G Suite

Kaseya VSA

Mailgun

Microsoft Defender ATP

Microsoft Teams

Microsoft/Office 365

Okta

Proofpoint

Red Canary

Salesforce

SentinelOne

ServiceNow

Slack

SMS

Sophos Central

Supported Data Sources

Webhooks

Webroot SecureAnywhere

Generate SentinelOne API Key

Set up the integration in Perch

Enable log ingestion

API Token Warnings/Expiration

Related Articles