If you're having trouble at any stage, please contact us at firstname.lastname@example.org.
The goal of this guide is to add a new SkyFormation for SentinelOne connector to your Exabeam Cloud Connectors (aka SkyFormation platform).
To add the SentinelOne connector to your SkyFormation platform, you will need to have the following SentinelOne account information at hand:
- Api Token
- Api Hostname
To get the Api Token, please follow the steps below, taken from the Symantec "CloudSOC Management API" user guide, provided by SentinelOne:
Generating an API Token from the WebUI:
In your Management Console, click Settings > USERS.
Click your username.
Click the edit button.
In Edit User > API Token, click Generate. If you see Revoke and Regenerate, you already have a token. If you revoke or regenerate it, scripts that use that token will not work. There is no confirmation. Revoke removes the token authorization. Regenerate revokes the token and generates a new token. If you click Generate or Regenerate, a message shows the token string and the date that the token expires.
This token will be regenerated automatically by the cloud connector every six months.
The Api Hostname will be provided by the SentinelOne support group.
For example: my-mgmt.sentinelone.com. Note: Do not include the "https://" prefix in the host name. Include only the domain name.
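A pre-flight check for the Api Hostname value, following the note above, so that the Api Token is only ever configured against a bare domain name. This is an added example, not part of the SkyFormation or SentinelOne documentation; the function name `check_api_hostname` and the sample inputs are constructed for illustration.

```python
import re

# One DNS label: letters, digits, hyphens; no leading/trailing hyphen; max 63 chars.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def check_api_hostname(value):
    """Return a list of problems with a proposed Api Hostname (empty list = OK)."""
    problems = []
    host = value.strip()
    if host != value:
        problems.append("leading or trailing whitespace")
    if "://" in host:
        problems.append("scheme prefix present; remove 'https://'")
        host = host.split("://", 1)[1]
    if "@" in host:
        problems.append("userinfo ('user@') present")
        host = host.rsplit("@", 1)[1]
    # Anything from the first '/', '?' or '#' onward is a path, query or fragment.
    bare = re.split(r"[/?#]", host, maxsplit=1)[0]
    if bare != host:
        problems.append("path, query or fragment present; keep only the domain name")
    host = bare
    if ":" in host:
        problems.append("port present; keep only the domain name")
        host = host.split(":", 1)[0]
    host = host.rstrip(".")  # tolerate a fully qualified trailing dot
    labels = host.split(".")
    if len(host) > 253 or not all(_LABEL.fullmatch(label) for label in labels):
        problems.append("not a valid DNS name")
    elif len(labels) < 2:
        problems.append("not a fully qualified domain name")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs; only the first is in the form the guide asks for.
    for candidate in ("my-mgmt.sentinelone.com",
                      "https://my-mgmt.sentinelone.com/",
                      "my-mgmt.sentinelone.com:443",
                      "localhost"):
        issues = check_api_hostname(candidate)
        print(f"{candidate!r}: {'OK' if not issues else '; '.join(issues)}")
```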
Steps to onboard the connector
Log on to your SkyFormation Platform:
Navigate via the left navigation panel to the "Settings" section
Navigate via the New Settings left navigation panel to the "Accounts" section
Click the "Add Account" button
At the "SELECT SERVICE TO ADD" prompt, choose "SentinelOne". You will see the following screen:
Fill in the following information:
- Account Name:
Give the SentinelOne connector a name that is meaningful to you.
This will become your cloud app connector name, displayed in the application and in the events sent to external systems such as SIEM/log management.
Add text that describes the SentinelOne service for you. This is an optional field.
- Api Token
The Api Token retrieved in the prerequisite section.
- Api Hostname
The Api Hostname received from SentinelOne support (see the prerequisite section).
At this point, you can click on "TEST CONNECTION" to make sure the connection is set up successfully, or just click on "DONE".
Start the connector and make sure that the status becomes "OK" after a few seconds.