Skip to main content
Sign in

Creating an extended integration for SentinelOne assets

Caroline Maguire
  • June 07, 2022 07:00
  • Updated

Let Oomnitza be your single source of truth!

You'll get complete visibility of your SentinelOne assets as data from SentinelOne is automatically transformed into consumable information and actionable insights.

Connect Oomnitza and SentinelOne in minutes

Get the information and insights that you need to reduce costs and the time that you spend on administration tasks such as:

  • Configurable dashboards and list views of key asset and software information
  • Configurable reports to share information about assets and software with your colleagues and management such as corporate-wide reports that detail the distribution and status of the assets and software in your environment
  • Configurable workflows that you can create such as
    • Getting asset details, passphases, and site information
    • Deleting asset tags

Navigation

small_blue_link.svgUpdating the credentials

small_blue_link.svgCreating the asset integration

small_blue_link.svgCreating custom mappings

small_blue_link.svg Creating workflows

SentinelOne Delete Tag by ID

SentinelOne Get Asset Details

SentinelOne Get Asset Passphase

SentinelOne Get Asset Site Information

Before you start

Best practice
For the integration with Oomnitza, create a dedicated user account.

SentinelOne uses API key authentication, which requires an API secret key and API ID. 

small_blue_link.svg For more information, see SentinelOne FAQ.

 

Updating the credentials

To authorize connections between Oomnitza and SentinelOne, complete these steps:

  1. In Oomnitza, click Configuration > Credentials.
  2. Click Add new credential (+).
  3. Add the information details.
  4. Click the AUTHORIZATION tab.
  5. Ensure that API Key is selected as the authorization type.
  6. Enter Authorization as the name of the token. 
  7. Enter ApiToken {{SentinelOne API token}} as the API key.
  8. Ensure that Add to Header is selected.
  9. Save your changes.

You use the credentials that you added to create and customize your SentinelOne integrations with Oomnitza.

Creating the asset integration

To configure the integration for SentinelOne assets, complete the following steps:

  1. In Oomnitza, click Configuration > Integrations.
  2. Click Integrations List View small_SettingsListView.svg.
  3. On the Integrations page, scroll down to the Extended section for Assets.
  4. Click NEW INTEGRATION.
  5. In the New Asset Integration sidebar, click SentinelOne.
  6. To integrate Oomnitza with the SentinelOne Asset Load, click APPLY and then click NEXT twice.

On the connect page, complete the following steps to connect the integration:

  1. Enter a descriptive name for the integration such as SentinelOne Assets. This name will be displayed on the Integrations page once the setup is complete.
  2. Check the Software check box if you would like to receive software information for your assets.
  3. Select Cloud as the installation type.
  4. From the Credentials list, select the credentials from the Oomnitza vault that you added for the connection.
  5. From the Integration Preferences list, select Create & Update
  6. Enter the name of the user of the integration.
  7. Enter the SentinelOne Customer Domain URL. The URL has the following format 
    https://<subdomain>.sentinelone.net or https://<subdomain>.sentinelone.com
  8. Click Next.

Creating custom mappings

Map the SentinelOne fields to Oomnitza fields and create custom mappings to get the user information that you need.

Complete these actions:

  1. You must create a custom mapping for the SentinelOne Device Id field. To do this, complete these steps:
    1. Click the down arrow on the Id field.
    2. Select Add new Oomnitza assets field.
    3. Change the name of the Id field to SentinelOne Device Id
    4. Click CREATE
  2. Create custom mappings to map any other field that you want to add to Oomnitza:
    1. Click the down arrow on the field that you want to map.
    2. Select Add new Oomnitza assets field.
    3. Change the name of the field.
    4. Click CREATE
  3. Assign a sync key to the Email field.
  4. Click NEXT

Tracking information for asset loads 

When the integration is run, you can track the name of the credentials that were used and the source of the data. To do this, you map the following fields to Oomnitza:   

  • Connect: Credentials
  • Connect: Customer Domain URL

Custom mappings

Account Id
Account Name
Active Directory Computer Distinguished Name
Active Directory Last User Distinguished Name
Active Threats
Agent Version
Apps Vulnerability Status
Computer Name
Connector Sync Time
Console Migration Status
Core Count
Cpu Count
Cpu Id
Created At
Customer Domain URL
Detection State
Domain
External Id
External Ip
First Full Mode Time
Group Id
Group Ip
Group Name
Id
Installer Type
Is Active
Is Allow Remote Shell
Is Decommissioned
Is Encrypted Applications
Is Firewall Enabled
Is In Remote Shell Session
Is Infected
Is Location Enabled
Is Network Quarantine Enabled
Is Pending Uninstall
Is Threat Reboot Required
Is Uninstalled
Is Up To Date
Last Active Date
Last Ip To Mgmt
Last Logged In User Name
License Key
Location Type
Machine Type
Mitigation Mode
Mitigation Mode Suspicious
Model Name
Network Status
Operational State
Operational State Expiration
Os Arch
Os Name
Os Revision
Os Start Time
Os Type
Os Username
Ranger Status
Ranger Version
Registered At
Remote Profiling State
Remote Profiling State Expiration
Scan Aborted At
Scan Finished At
Scan Started At
Scan Status
Site Id
Site Name
Storage Name
Storage Type
Total Memory
Updated At
Uuid

blue_link.svg Learn more about mapping

When you've completed mapping SentinelOne fields to Oomnitza fields, click NEXT.   

Schedule

By default, data is streamed to Oomnitza once every day.

You can configure the schedule to meet your needs such as changing the interval or changing the time so that the data is streamed when your system isn't busy.

  1. Configure your schedule.
  2. Click FINISH.

Result

A new tile is created for the integration on the Integrations page. 

What to do next

If you want to see what information is collected now, click the tile on the Integrations page and click RUN NOW.

If you want to change the integration settings, you can click a navigation link on the page, such as 4 Mappings, and edit the settings.

edit-integration.svg 

Tip
To view the information that is collected about your mobile assets, click Assets

Creating workflows

To reduce your workload and automate complex and repetitive tasks, you can create asset workflows with the API block by following the steps in Creating user workflows with the API block. When creating the asset workflows with the API block for SentinelOne, the following specific configuration is required:

  • To locate the available presets, enter SentinelOne in the Select Preset search field. The SentinelOne API block workflow comes with the following presets:

    SentinelOne Delete Tag by ID
    SentinelOne Get Asset Details
    SentinelOne Get Asset Passphase
    SentinelOne Get Asset Site Information


  • In the Configure section, enter the following details:
    1. The SentinelOne URL, if it was not already added as a global variable. For further information, refer to Setting the SentinelOne URL as a global variable.
    2. Your SentinelOne Credentials that you created in Updating the credentials. 

Unleash the power of Oomnitza

To get valuable actionable insights that help you manage your assets, learn how to:

      • Configure dashboards for your users and software
      • Configure custom reports about your users and software
      • Create workflows to automate tasks

See small_blue_link.svg Getting started

See Creating workflows to find out more about how to create workflows with SentinelOne.

 

Did you know
You can also create extended connector integrations for SentinelOne Users.
small_blue_link.svg  Extended Integration for SentinelOne Users

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk