SentinelOne
SentinelOne is an endpoint protection solution including prevention, detection, and response.
Lucidum uses the SentinelOne Connector to ingest data from SentinelOne.
Requirements
To use the SentinelOne Connector in Lucidum:
Before configuring the SentinelOne connector in Lucidum, you must generate an API token that allows Lucidum to ingest data from SentinelOne.
You can then configure the SentinelOne connector in Lucidum and start ingesting data from SentinelOne.
Prerequisite: Generating an API Token in SentinelOne
Log in to the Management Console for SentinelOne.
In the Management Console, click Settings > USERS.
Click your username.
Click the Edit button.
On the Edit User > API Token page, click Generate.
If you see Revoke and Regenerate, you have already generated a token. Do not select Revoke and Regenerate. If you select the Revoke and Regenerate option, scripts that already use that token will not work.
If you click Generate, SentinelOne displays the token string and the date that the token expires.
Click DOWNLOAD to save the API Token.
Configuring the SentinelOne Connector
To configure Lucidum to ingest data from SentinelOne:
Log in to Lucidum.
In the left pane, click Connector.
In the Connector page, click Add Connector.
Scroll until you find the Connector for SentinelOne. Click Connect. The Settings page appears.
In the Settings page, enter the following:
URL. The URL of the SentinelOne API. For example, https://usea1-012.sentinelone.net/web/api/v2.0.
API token. The API token you created above.
Verify SSL. For future use.
To test the configuration, click Test.
If the connector is configured correctly, Lucidum displays a list of services that are accessible with the connector.
If the connector is not configured correctly, Lucidum displays an error message.
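A pre-flight check for the two settings above, run before they are entered in Lucidum. This is an added example, not Lucidum or SentinelOne code. It assumes the downloaded token was saved to a local file holding only the token string, on a POSIX system, and the function names are hypothetical.

```python
import os
import stat
import sys
from urllib.parse import urlsplit

API_PATH = "/web/api/v2.0"  # path taken from the example URL on this page


def check_url(url):
    """Return a list of problems with the connector URL (empty list = OK)."""
    problems = []
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append("URL must use https so the API token is not sent in clear text")
    if not parts.hostname:
        problems.append("URL has no host name")
    if parts.username or parts.password:
        problems.append("URL must not embed credentials")
    if parts.path.rstrip("/") != API_PATH:
        problems.append("URL path should be " + API_PATH)
    if parts.query or parts.fragment:
        problems.append("URL must not carry a query string or fragment")
    return problems


def check_token_file(path):
    """Return a list of problems with the saved token file (assumed layout:
    the file holds only the token string, optionally followed by a newline)."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("token file is accessible to group/other (mode %o)" % mode)
    with open(path, encoding="utf-8") as fh:
        token = fh.read().strip()
    if not token:
        problems.append("token file is empty")
    elif any(c.isspace() for c in token):
        problems.append("token contains whitespace; paste only the token string")
    return problems


if __name__ == "__main__":
    # Usage: script.py <connector URL> <path to saved token file>
    found = check_url(sys.argv[1]) + check_token_file(sys.argv[2])
    print("\n".join(found) if found else "settings look sane")
    sys.exit(1 if found else 0)
```

An empty result only means the values are well-formed and the token file is not readable by other local users. The Test button in Lucidum remains the check that the token is accepted.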
Supported Actions
The SentinelOne Connector supports the following actions:
Update the SentinelOne agent
Initiate SentinelOne Full Disk Scan
Abort SentinelOne Full Disk Scan
Disconnect endpoints from the Network
Connect endpoints to the Network