In order for Perch to access your SentinelOne logs, you must provide Perch with your SentinelOne API user token.
In the Perch SentinelOne Authentication panel, paste your API Token
Enter your SentinelOne URL (without https://)
Set an expiration date for your API Token (optional)
Click “Save and Test”
Like all Perch integrations, you can enable or disable Sentinel One log ingestion at any time by toggling the switch from “OFF” ( gray ) to “ON” ( purple ), or the other way around.
Once you enable the log ingestion, you will receive a success message which you can toggle to see the health status of your integration.
When your API Token is about to expire (if you set up an expiration date), you will get a warning letting you know how many days you have left before your Token expires.
When your API Token is expired you will get a notification letting you know you need to regenerate your API Token in SentinelOne in order to re-enable your integration.