SentinelOne Integration Overview

With Perch’s integration to SentinelOne you can store, search, and visualize all the threats detected by SentinelOne within Perch, and let the Perch Security Analysts triage threats detected by SentinelOne alongside all your data in Perch.

  1. Generate a SentinelOne API key for Perch to collect logs
  2. Click here to go to the SentinelOne settings in the Perch app
  3. Enjoy

Generate SentinelOne API Key

In order for Perch to access your SentinelOne logs, you must provide Perch with your SentinelOne API user token.

  • Log in to the Management Console as an Admin
  • Navigate to Settings > Users
  • Click on the Admin user you want to get a token for
    • A new user can be created but is not required (a Viewer user role is sufficient for Perch to query the SentinelOne API)
  • Click on the “Generate” link next to Api Token
  • A new window will open with the API Token. Click on “Copy”
  • You will also need your SentinelOne API URL

Copy API Token

Set up the integration in Perch

  • Log in to the Perch app
  • Navigate to the Settings page
  • Navigate to the Integration section of the Settings page
  • Scroll until you see the SentinelOne integration
  • Click Install
  • Then click the right-facing chevron to enter the configuration page for the SentinelOne integration

In the Perch SentinelOne Authentication panel, paste your API Token

Perch SentinelOne Settings

Enter your SentinelOne URL (without https://)

URL Formatting

Set an expiration date for your API Token (optional)

API Token Expiration

Click “Save and Test”

Completed Integration

Enable log ingestion

Like all Perch integrations, you can enable or disable SentinelOne log ingestion at any time by toggling the switch from “OFF” (gray) to “ON” (purple), or the other way around.

Once you enable the log ingestion, you will receive a success message which you can toggle to see the health status of your integration.

Enable Log Ingestion / Health Status

API Token Warnings/Expiration

When your API Token is about to expire (if you set up an expiration date), you will get a warning letting you know how many days you have left before your Token expires.

Token Expiration Warning

When your API Token has expired, you will get a notification letting you know you need to regenerate your API Token in SentinelOne in order to re-enable your integration.

Token Expired Warning