SentinelOne connector

Elastic Stack Serverless Observability Serverless Security

The SentinelOne connector communicates with SentinelOne Management Console via REST API.

To use this connector, you must have authority to run Endpoint Security connectors, which is an Actions and Connectors sub-feature privilege. Refer to Kibana privileges.

You can create connectors in Stack Management > Connectors. For example:

×

SentinelOne connectors have the following configuration properties:

API token

A SentinelOne API token created by the user.

URL

The SentinelOne tenant URL. If you are using the xpack.actions.allowedHosts setting, make sure the hostname is added to the allowed hosts.

You can test connectors as you're creating or editing the connector in Kibana. For example:

×