SentinelOne connector
edit
A newer version is available. Check out the latest documentation.
SentinelOne connector
editThe SentinelOne connector communicates with SentinelOne Management Console via REST API.
To use this connector, you must have authority to run Endpoint Security connectors, which is an Actions and Connectors sub-feature privilege. Refer to Kibana privileges.
Create connectors in Kibana
editYou can create connectors in Stack Management > Connectors. For example:
Connector configuration
editSentinelOne connectors have the following configuration properties:
- API token
- A SentinelOne API token created by the user.
- URL
-
The SentinelOne tenant URL. If you are using the
xpack.actions.allowedHostssetting, make sure the hostname is added to the allowed hosts.
Test connectors
editYou can test connectors as you’re creating or editing the connector in Kibana. For example:
