SentinelOne

To attach SentinelOne to your instance of Prelude, you will need 3 items:

You can attach SentinelOne using the PreludeCLI or the Detect console

Prelude CLI

prelude partner attach sentinelone --api <https://usea1-partners.sentinelone.net> --user <AccountID> --secret <API Secret>

Detect Console

Navigate to integrations page by clicking your username in the top right -> Account Settings -> Integrations:

Obtain BaseURL

You can obtain the base url from your SentinelOne instance browser window or follow the directions below.

Login to SentinelOne
Click on Help -> API Doc
Expand Accounts -> Click on Create Account
Click run on console
Click Run API query
The URL will be displayed. Click Copy URL.
An example provided URL: https://usea1-partners.sentinelone.net/web/api/v2.1/accounts
Remove everything after the .net: https://usea1-partners.sentinelone.net

Obtain Account ID

Obtain API Secret

Option 1: Create a custom role and service account for the Prelude Integration

Navigate to Settings -> Users -> Roles
Create new role for Prelude Integration with the following permissions scoped to the Account
- Endpoints
  - View
- Endpoint Threats
  - View
  - Update Incident Status
  - Update Analyst Verdict
- Endpoint Policy
  - View
Create new service account using the role created above and copy/save the token securely, this token will not be available to view again without creating a new one.

Option 2: User Account API Token

Login to Sentinel One
Click on Settings
Click on Users tab
Click on your console user -> you’ll see a modal for the selected user
Click on the Actions drop down -> API Token Operations -> Generate API token
Your API Token is displayed. Copy and save the token securely, this token will not be available to view again without creating a new one.