Import Data from SentinelOne

Mondoo can import data from SentinelOne and incorporate that data with its own findings. With a unified view of SentinelOne's vulnerabilities and Mondoo scan results, you can take advantage of Mondoo's powerful security visualization, prioritization, and ticket system integration.

Prerequisites

Before you integrate SentinelOne with Mondoo, be sure you have:

• A Mondoo account with Editor or Owner permissions for the space in which you want to add the integration

• A SentinelOne Singularity account with administrator privileges

Integrate Mondoo with SentinelOne

To create a new SentinelOne integration in Mondoo, perform these steps:

Step A: Create a SentinelOne service user to give Mondoo access to SentinelOne data

Step B: Add a new SentinelOne integration in the Mondoo Console

Step A: Create a SentinelOne service user

Like any service that integrates with SentinelOne, Mondoo must have a service user that gives it access to SentinelOne data. The service user is a non-human user account with a token that gives Mondoo access through the SentinelOne API. To learn about service users, read "Overview of service users" in the SentinelOne documentation.

1. Log into the SentinelOne management console as a user with administrative privileges.

   

2. In the side navigation bar, select Settings. Select the USERS tab and then select Service Users.

   

3. Select the Actions button and select Create New Service User.

   

4. Give the new service user a name and description that make clear it's for Mondoo and then select the Next button.

   

5. Choose the account(s) (not sites) you want Mondoo to access and leave the Viewer role selected.

6. Select the Create User button.

   

   SentinelOne shows the API token it generated for the Mondoo service user. Leave the page open; you need the token in the next steps.

Step B: Add a new SentinelOne integration in the Mondoo Console

Once you have a SentinelOne API token, you can create a Mondoo SentinelOne integration. You need information from the service user you created in the instructions above.

1. Access the Integrations > Add > SentinelOne page in one of two ways:

   • New space setup: After creating a new Mondoo account or creating a new space, the initial setup guide welcomes you. Select BROWSE INTEGRATIONS and then select SentinelOne.

   

   • INTEGRATIONS page: In the side navigation bar, under INTEGRATIONS, select Add New Integration. Under Third-Party Data, select SentinelOne.

   

2. In the Choose an integration name box, enter a name for the integration.

3. In the Enter the host URL box, enter the base of the URL you use to access the SentinelOne management console. For example, if you access the SentinelOne management console at https://my-company.sentinelone.net/dashboard, enter https://my-company.sentinelone.net.

4. Copy the SentinelOne API token you received when you created a service user in the instructions above. Paste it into the Provide the SentinelOne API token box.

5. Select the START IMPORTING button.

Mondoo begins connecting to SentinelOne and collecting data.

View, edit, or remove a SentinelOne integration

1. In the left navigation, under Integrations, select All Integrations.

   

2. Select SentinelOne and then select the integration you want.

   

3. Use the options in near the top-right corner of the page:

   • To change the integration settings, select the edit (pencil) icon.

   • To import data from SentinelOne as soon as possible, select the SCHEDULE NOW button.

   • To pause or resume importing data from SentinelOne, select the ellipsis (...) menu and then select Pause Imports or Resume Imports.

   • To remove the integration, select the delete (trash can) icon.

---