Configure the SentinelOne Portal

In order to collect logs from SentinelOne, a new Service User and API Token must be created. This guide outlines the process to create the Service User and obtain the API key, as well as configuration required for the multiple data sources you would like to collect.

Prerequisites

• A SentinelOne portal account with the ability to create new users, add/edit API keys

Create a New Service User and Obtain an API Token

To create a new service user and create an API token:

1. Log into the SentinelOne portal (https://xxx.sentinelone.net).

2. Click Settings, and then click Service Users.

3. Click Create New Service User.
   The Create New Service User pop-up appears.

   

4. Enter a Name and optional Description for the new service user.

5. Select an Expiration Date from the drop-down.
   Because the Open Collector connection will only function as long as this account is active, it is recommended to choose a later expiration date.

   

6. Click Next.

7. Select the scope of access for this new user, and then select the account(s)/scope(s) from which to collect logs from the list.

   

8. Click Create User.
   The API Token for the new-created user displays.

9. Click Copy API Token and save the token in a secure location.

Once you close the dialog, the API Token will no longer be accessible. Be sure to save it in a secure location.