SentinelOne is an endpoint protection solution that includes prevention, detection, and response.

Lucidum uses the SentinelOne Connector to ingest data from SentinelOne.

Requirements

To use the SentinelOne Connector in Lucidum:

  1. Before configuring the SentinelOne connector in Lucidum, you must generate an API token that allows Lucidum to ingest data from SentinelOne.

  2. You can then configure the SentinelOne connector in Lucidum and start ingesting data from SentinelOne.

Prerequisite: Generating an API Token in SentinelOne

  1. Log in to the Management Console for SentinelOne.

  2. In the Management Console, click Settings > USERS.

  3. Click your username.

  4. Click the Edit button.

  5. In the Edit User > API Token page, click Generate.

    If you see Revoke and Regenerate instead, you have already generated a token. Do not select Revoke and Regenerate: if you do, scripts that already use that token will not work.

  6. After you click Generate, SentinelOne displays the token string and the date that the token expires.

  7. Click DOWNLOAD to save the API Token.

Configuring the SentinelOne Connector

To configure Lucidum to ingest data from SentinelOne:

  1. Log in to Lucidum.

  2. In the left pane, click Connector.

  3. In the Connector page, click Add Connector.

  4. Scroll until you find the Connector for SentinelOne. Click Connect. The Settings page appears.

  5. In the Settings page, enter the following:

  6. To test the configuration, click Test.

    • If the connector is configured correctly, Lucidum displays a list of services that are accessible with the connector.

    • If the connector is not configured correctly, Lucidum displays an error message.

Supported Actions

The SentinelOne Connector supports the following actions:

  • Update the SentinelOne agent

  • Initiate SentinelOne Full Disk Scan

  • Abort SentinelOne Full Disk Scan

  • Disconnect endpoints from the Network

  • Connect endpoints to the Network