SentinelOne Integration
AgileBlue can support monitoring, response, and bi-directional case communication with the SentinelOne platform through our API integration.
Overview
AgileBlue's integration with SentinelOne allows for streamlined alert management and expanded containment options. By leveraging this integration, any SentinelOne incident which generates an alert within the AgileBlue platform will be closed in both systems simultaneously. Additionally, the integration allows customers to designate which system is used for host isolation.
Supported Platform Version
- SentinelOne Management Console API version 2.1
Setup Steps - Alert Monitoring
This section describes the steps to configure API access for the AgileBlue SOC to ingest alerts from SentinelOne.
- Log in to the SentinelOne Management Console as an Admin.

- Navigate to Logged User Account in the top right panel on the navigation bar.
- Click My User.
- In the API Token section, click Generate.
- NOTE: The API token generated by the user is time-limited. To rotate to a new token, log in with the dedicated admin account.
- Provide the following values to AgileBlue Support via a secure communication method.
- API Token
- SentinelOne console URL
Setup Steps - Bi-Directional Integration
This section covers the steps to enable bi-directional communication between the AgileBlue SecOps platform and SentinelOne. This includes the ability to allow AgileBlue's platform to leverage the SentinelOne agent for host isolation capabilities as well as bi-directional case communication between the two platforms.
- Within the SentinelOne Console, navigate to Dashboard > Settings > Users > Service Users > Actions > Create New Service User
- Name the service user AgileBlue API and set expiration to 1 month, then click Next

- Select the Site for the user to be created under, then set the role to Admin
- Click Create User
- After creating the user, you'll be given one opportunity to collect the API Token. Copy this value and store it securely; you'll need it later

- Log in to the AgileBlue Portal and navigate to Settings > Alert Playbook
- Scroll to the Host Isolation System section and paste the API token gathered in step 5 under API Token
- Next, paste the URL from your SentinelOne Console. The URL should end with sentinelone.net/

- Click on Validate Credentials to ensure the connection has been established. If successful, a confirmation message will appear

- After validating your credentials, scroll to the bottom of the page and click Save
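Before pasting the console URL next to an Admin-role API token, it is worth confirming that the value really is a SentinelOne console base URL. The following is an added example, not AgileBlue or SentinelOne code: the function name, the assumption that the console is a subdomain of sentinelone.net served over HTTPS on port 443, and the sample hostnames are all constructed for illustration.

```python
from urllib.parse import urlsplit

# From the setup step above: the console URL should end with sentinelone.net/
CONSOLE_SUFFIX = ".sentinelone.net"


def normalize_console_url(raw: str) -> str:
    """Return the base URL in the form https://<tenant>.sentinelone.net/.

    Raises ValueError for anything that is not an HTTPS SentinelOne console
    host, so the API token is never associated with a lookalike address.
    Assumption (not from the page): consoles are subdomains of sentinelone.net.
    """
    parts = urlsplit(raw.strip())

    # The token travels with every request, so plaintext HTTP is refused.
    if parts.scheme != "https":
        raise ValueError("console URL must start with https://")

    # user:pass@host forms are a common way to disguise the real host.
    if parts.username or parts.password:
        raise ValueError("console URL must not contain embedded credentials")

    host = (parts.hostname or "").lower()
    # Suffix match on a dot boundary: rejects notsentinelone.net and
    # sentinelone.net.attacker.example alike.
    if not host.endswith(CONSOLE_SUFFIX):
        raise ValueError(f"{host or 'empty host'} is not a sentinelone.net console")

    if parts.port not in (None, 443):
        raise ValueError("unexpected port in console URL")

    # A URL copied from the browser often carries a path or query string;
    # only the base with a trailing slash is returned.
    return f"https://{host}/"


if __name__ == "__main__":
    # Constructed sample inputs, not real tenants.
    for candidate in (
        "https://usea1-demo.sentinelone.net/dashboard?view=threats",
        "http://usea1-demo.sentinelone.net/",
        "https://sentinelone.net.login.example/",
    ):
        try:
            print("OK     ", normalize_console_url(candidate))
        except ValueError as err:
            print("REJECT ", candidate, "->", err)
```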
Need Help?
AgileBlue is always here to support you and ensure you are 100% successful. If there are any issues with the installation or if you have any questions, please reach out to AgileBlue Support.
Email: support@agileblue.com
Phone: (216) 606-9400