URL
SentinelOne uses different subdomains based on your region and who you purchased your licenses from. To get this value, log in to S1 and copy the URL from your address bar. It should look likehttps://usea1-011.sentinelone.net/. Using console[.]sentinelone[.]net is not a valid value.
API Key
To create an API Key you’ll need to create a service user.- Settings > Users > Actions
- Service Users > Actions > Create New Service User
- You may name it anything you’d like, we suggest ‘Wirespeed’
Use the built-in SOC role for this service user. SentinelOne includes this role by default. Choose the role scope that is appropriate for your SentinelOne setup (for example, Customer or Global).
- Set the expiration to a value you feel comfortable with, however we suggest 1 year. When the token expires you will receive an email notification from us saying the integration is experiencing errors. However, we suggest setting a calendar reminder to update the token before it expires. In an upcoming release we will automatically notify you ahead of time.
On first sync, Wirespeed fetches alerts from the last 90 days, capped at the newest 5,000 alerts.