🌐
SentinelOne
sentinelone.com › faq
FAQ | SentinelOne
March 14, 2025 - SentinelOne has partnered with leading security and IT solutions from vendors like Splunk, IBM, AT&T, Netskope, and Recorded Future to deliver a rich XDR ecosystem. Marketplace integrations span multiple security domains, including SIEM, threat intelligence, malware sandboxing, CASB, and more. Learn more about Singularity Marketplace and Technology Alliances at s1.ai/marketplace. SentinelOne easily integrates with data analytics tools such as SIEMs, either through Syslog feeds or via our API.
🌐
Cisco XDR Connect
connect.xdr.security.cisco.com › automation › atomic › sentinelone-get-agents-by-id
SentinelOne - Get Agents by ID - Cisco XDR Connect
Account Key: None if using an integration-provided target, API token if using an HTTP endpoint target
Steps:
- Check which type of ID is being searched and build the query string
- Generate the authorization header
- Request matching agents from SentinelOne
- Check if the API request succeeded:
  - If it did, set the output variables
  - If it didn't, output an error
People also ask

What is SentinelOne software?
SentinelOne Singularity platform is an industry-first data lake that seamlessly fuses together the data, access, control, and integration planes of its endpoint protection (EPP), endpoint detection and response (EDR), IoT security, and cloud workload protection (CWPP) into a centralized platform. With Singularity, organizations gain access to back-end data across the organization through a single solution, providing a cohesive view of their network and assets by adding a real time, autonomous security layer across all enterprise assets.
🌐
sentinelone.com
sentinelone.com › faq
FAQ | SentinelOne
What is SentinelOne used for?
SentinelOne provides a range of products and services to protect organizations against cyber threats. The SentinelOne security platform, named Singularity XDR, is designed to protect against various threats, including malware, ransomware, and other advanced persistent threats (APTs). It uses machine learning and other advanced analytics techniques to analyze real-time security data and identify patterns and behaviors that may indicate a security threat. When a threat is detected, the platform can automatically trigger a response, such as quarantining a device or issuing an alert to security pe
🌐
sentinelone.com
sentinelone.com › faq
FAQ | SentinelOne
How good is SentinelOne?
SentinelOne is regularly appraised by industry-leading analyst firms and independent 3rd party testing such as: · Gartner Best Endpoint Detection and Response (EDR) Solutions as Reviewed by Customers · Gartner named SentinelOne as a Leader in the Magic Quadrant for Endpoint Protection Platforms · MITRE Engenuity ATT&CK Carbanak and FIN7 results show SentinelOne leading all other cybersecurity vendors with 100% visibility, no missed detections and required no configuration changes. · MITRE Engenuity ATT&CK APT29 (2019) report: · SentinelOne Singularity Platform had the highest number of
🌐
sentinelone.com
sentinelone.com › faq
FAQ | SentinelOne
🌐
SentinelOne
sentinelone.com › resources
Resource Center | SentinelOne
How It Works The Singularity XDR Difference · Singularity Marketplace One-Click Integrations to Unlock the Power of XDR · Pricing & Packaging Comparisons and Guidance at a Glance · Data & AI · Purple AI Accelerate SecOps with Generative AI · Singularity Hyperautomation Easily Automate Security Processes ·
🌐
SecureWorks
docs.taegis.secureworks.com › integration › connectEndpoint › sentinelone
SentinelOne - Documentation
Enter a Name. This is how the integration is identified in XDR. Enter the Management Console URL. This is the address of your SentinelOne Management Console. For example, usea1-999-example.sentinelone.net. Add the API Token.
🌐
SentinelOne
sentinelone.com › blog › one-api-for-all-your-server-logs-2
SentinelOne | One API for All Your Server Logs
July 19, 2025 - Singularity XDR Native & Open Protection, Detection, and Response · Singularity RemoteOps Forensics Orchestrate Forensics at Scale · Singularity Threat Intelligence Comprehensive Adversary Intelligence · Singularity Vulnerability Management Application & OS Vulnerability Management ·
🌐
Netenrich
support.netenrich.com › hc › en-us › articles › 10072060736029-SentinelOne-EDR-API-Integration
SentinelOne EDR API Integration – Netenrich
Endpoint security software that defends every endpoint against every type of attack, at every stage in the threat life-cycle. Chronicle Data Types & Collection Method · API token ·
🌐
SentinelOne
sentinelone.com › cybersecurity-101 › endpoint-security › api-endpoint-security
API Endpoint Security: Key Benefits and Best Practices
October 2, 2025 - API gateways: API gateways provide the hosting or the endpoint for your API application. You can secure them using an endpoint security firewall like AWS API Gateway or SentinelOne Singularity XDR.
🌐
Checkpoint
sc1.checkpoint.com › documents › Infinity_Portal › WebAdminGuides › EN › XDR-XPR-Admin-Guide › Content › Topics-XDR-XPR-AG › Settings › Integrations › SentinelOne.htm
Singularity Endpoint
To make it active, you must generate a new API token in the SentinelOne web portal and then re-configure API integration. Go to the Overview page and in the Connectivity widget, verify if Singularity Endpoint is listed as connected. If you revoke a certificate, you must regenerate and upload the certificate to the SentinelOne portal within two days. Log in to the Infinity XDR/XPR Administrator Portal:
🌐
Reddit
reddit.com › r/sentinelonexdr › sentinelone api - documentation
r/SentinelOneXDR on Reddit: SentinelOne API - Documentation
October 11, 2024 -

Hey There, I was hoping to start building a script to bulk upload rules into SentinelOne.
Do you happen to know if there is any official documentation (or good documentation) on working with the SentinelOne API?
I can only seem to find this from Postman at the moment

default | SentinelOne | Postman API Network


🌐
SentinelOne
sentinelone.com › cybersecurity-101 › xdr › xdr-architecture
XDR Architecture: What Is It and How to Implement
October 2, 2025 - It analyses access patterns, application usage, and API activity within the cloud, which may detect misconfigurations or breaches. Application data: This includes application-level data, such as logs from your applications, databases, and web ...
🌐
Wazuh
wazuh.com › home › integrating sentinelone xdr with wazuh
Integrating SentinelOne XDR with Wazuh | Wazuh
July 4, 2024 - The SentinelOne API provides an endpoint for retrieving logs. You can use this API endpoint to get logs from the SentinelOne cloud console if you do not have a publicly accessible server.
🌐
Palo Alto Networks
xsoar.pan.dev › docs › reference › integrations › sentinel-one-v2
SentinelOne v2 | Cortex XSOAR
You can use the queryId for all ... as the sentinelone-get-events command. ... Returns a list of Deep Visibility events from query by event type - process. ... Sends a shutdown command to all agents that match the input filter. ... Sends an uninstall command to all agents that match the input filter. ... Updates the analyst verdict to a group of threats that match the specified input filter. Relevant for API version ...
🌐
Query Docs
docs.query.ai › docs › sentinelone
SentinelOne Singularity Platform
Use Query Search to surface information about Events, Agents (Sentinels), and Users within the SentinelOne Singularity Platform. SentinelOne is an Extended Detection & Response (XDR) and Endpoint ...
🌐
Nexpose
docs.rapid7.com › insightidr › sentinelone
SentinelOne Endpoint Detection and Response | SIEM Documentation
In the Instance field, add the subdomain for your SentinelOne instance. For example, if the URL for your SentinelOne instance is https://usea1011.sentinelone.net, then enter usea1-011. In the Credentials section, add new credentials for API Key:
🌐
Synqly
docs.synqly.com › guides › provider-configuration › sentinelone-setup
SentinelOne-EDR Authentication Guide
In order to query for EDR Events, a Visibility Enhanced Key and Url are required. This is for the SentinelOne Singularity Data Lake Api. ... Look at the URL bar in the browser, that is the EDR Events URL. For example: https://xdr.us1.sentinelone.net
🌐
SentinelOne
sentinelone.com › blog › singularity-xdr-from-vision-to-reality
Singularity XDR - From Vision to Reality
October 27, 2022 - We make sure that every source we ingest and every API we expose actually makes an impact – does it enhance context, does it improve root-cause analysis, does it accelerate remediation? Today’s marketing and positioning around the need for XDR can be confusing. One might find different technologies claiming similar claims, leaving the buyer with too many options and the need to research what it actually means. For us at SentinelOne...