SentinelOne Singularity integration

Procedure

1. Sign in to your SentinelOne Singularity console using an account with the Admin role.
2. Go to Policies and settings → User management → Roles.
3. Create a new role capable of using the REST and GraphQL API to get inventory, alert, and vulnerability information. The following permission sets are required:
   • Endpoint Threats
   • Extended Security Posture Management
   • Unified Alerts
   • Unified Asset Inventory
   • Unified Tags
4. Click Save.
5. Under Service users, click New Service User.
6. Enter the name of the service (Trend Vision One) and a description for the user.
7. Set an expiration date for the service user API token. The expiration date can be as long or short as necessary, but you cannot change the set expiration date after you create the service user.
8. Select the site or sites that the service user accesses to collect data.
9. In the Role column, select the role you created earlier.
10. Click Create Service User.

    Note Depending on your console settings, you may need to provide a two-factor authentication code to complete the action.

    The API token for the new service user appears. Ensure you copy the token before clicking Close.
11. In the Trend Vision One console, go to Workflow and Automation → Third-Party Integrations → .
12. Search for and select SentinelOne Singularity.
13. Click Connect SentinelOne Singularity.
14. In the connection settings, provide the URL you use to sign in to your SentinelOne Singularity console and the service user API token you copied earlier.
15. Click Test connection.
16. If the test is successful, click Save.
17. Verify the data sync status in Data Source and Log Management. If the API token has expired, regenerate the API token for the service user and reconfigure the integration in Third-Party Integrations.