SentinelOne Singularity Integration Setup
This guide walks you through integrating SentinelOne Singularity with RAD Security for AI-powered endpoint detection and response, enabling you to correlate endpoint security events with container and cloud runtime activity. SentinelOne Singularity provides autonomous endpoint protection with behavioral AI analysis, automated threat remediation, and deep visibility across your endpoints.Prerequisites
Before you begin, ensure you have:- Admin access to SentinelOne Management Console
- SentinelOne Complete entitlement level or higher
- Access to RAD Security workspace with integration permissions
Minimum Entitlement Required: This integration requires a minimum entitlement level of SentinelOne Complete. See SentinelOne platform packages for more information about entitlement levels.
Step 1: Access SentinelOne Management Console
1
Log in to Console
Log in to your SentinelOne Management Console with administrative privileges
2
Note Your Console URL
Take note of your Management Console URL as you’ll need it for configurationExample URLs:
https://usea1-partners.sentinelone.net/https://euce1-partners.sentinelone.net/https://apne1-partners.sentinelone.net/
This URL will be used as the URL parameter when configuring the integration in RAD Security.
Step 2: Generate API Token
1
Access User Settings
- Click your username (or “Admin”) in the top right corner
- Select My User from the dropdown menu
2
Navigate to API Token Operations
- Click the Actions button
- Select API Token Operations
3
Generate New Token
- Click Regenerate API Token
- Immediately copy the API Token that appears
Save this token immediately! You may not be able to view it again. Store it securely for the integration configuration.
Step 3: Configure in RAD Security
Navigate to your RAD Security workspace and configure the SentinelOne Singularity integration with the following parameters:Required Parameters
| Parameter | Description | Example |
|---|---|---|
| Base URL | Base URL of your SentinelOne Management Console (include trailing slash) | https://usea1-partners.sentinelone.net/ |
| Secret | The API Token generated in Step 2 | your-api-token-here |
The URL should be your SentinelOne Management Console URL, which typically follows the pattern
https://<region>-partners.sentinelone.net/. Ensure you include the trailing slash.Verify Integration
After completing the setup, verify your integration is working:- Navigate to Data Sources > Integrations > EDR in RAD Security
- Locate your SentinelOne Singularity integration
- Check the connection status shows as Connected
- Verify endpoint data is being synced
Your SentinelOne Singularity integration is now configured! RAD Security can now correlate endpoint security data with container and cloud runtime events.
What Data is Synced
Once configured, RAD Security will sync the following data from SentinelOne:Endpoint Information
Endpoint Information
- Agent inventory and status
- Endpoint health and connectivity
- Operating system details
- Network information
- Agent version and configuration
- Group and site assignments
Threats & Detections
Threats & Detections
- Real-time threat detections
- Threat classification and severity
- Malware and exploit analysis
- Behavioral AI findings
- Threat mitigation status
- Quarantine and remediation actions
Activities & Events
Activities & Events
- Endpoint activities
- Process execution data
- Network connections
- File system events
- Registry modifications (Windows)
- User actions
- Alert and notification logs
Policies & Configurations
Policies & Configurations
- Security policies
- Exclusions and allow lists
- Agent configuration settings
- Mitigation modes
- Behavior settings
Use Cases
AI-Powered Threat Detection
Leverage SentinelOne’s behavioral AI with RAD’s runtime context for enhanced threat detection accuracy.
Automated Response
Combine SentinelOne’s autonomous response with RAD’s container orchestration for coordinated remediation.
Container-to-Host Threats
Detect when containerized threats attempt to escape or affect the underlying host system.
Unified Threat Visibility
Gain comprehensive visibility across endpoints, containers, and cloud infrastructure from a single platform.
Troubleshooting
Authentication Failed
Authentication Failed
Possible causes:
- API Token is incorrect or expired
- Token was regenerated and not updated
- Insufficient permissions on the user account
- Verify the API Token is copied correctly (no extra spaces)
- Check if the token was regenerated in SentinelOne
- Ensure the user account has administrative privileges
- Try regenerating the token and updating the integration
Insufficient Entitlement
Insufficient Entitlement
Possible causes:
- SentinelOne subscription level is below Complete
- Required features not enabled in license
- Verify your SentinelOne entitlement level
- Check SentinelOne platform packages
- Contact SentinelOne support to upgrade if needed
- Ensure all required features are enabled in your license
No Data Syncing
No Data Syncing
Possible causes:
- No agents deployed or reporting
- Initial sync still in progress
- Network connectivity issues
- API rate limits reached
- Verify SentinelOne agents are installed and connected
- Check agent status in SentinelOne console
- Allow up to 15 minutes for initial data sync
- Review integration logs in RAD Security for errors
- Check API rate limit status in SentinelOne
Wrong Console URL
Wrong Console URL
Possible causes:
- Missing trailing slash in URL
- Incorrect regional subdomain
- Using wrong URL format
- Use Management Console URL (e.g.,
https://usea1-partners.sentinelone.net/) - Ensure URL includes trailing slash at the end
- Verify the regional subdomain matches your deployment
- Confirm you’re using the URL shown in your browser when logged into SentinelOne
Token Regeneration Issues
Token Regeneration Issues
Possible causes:
- Old token still cached
- Multiple integrations using same token
- Token regenerated while integration was active
- Wait a few minutes after regenerating token
- Update all integrations if using the same token
- Clear any cached credentials
- Ensure only one active token per integration
Security Best Practices
Use Dedicated Users
Create a dedicated service account for the RAD Security integration rather than using a personal account.
Rotate Tokens Regularly
Periodically regenerate API tokens as part of your security hygiene practices.
Least Privilege Access
Only grant the minimum permissions required. Use Read-only keys for EDR Events access.
Secure Token Storage
Store API tokens in a secure password manager or secrets vault. Never commit them to version control.
Monitor API Usage
Regularly review API usage in SentinelOne to detect anomalous activity.
Track Token Changes
Document when tokens are regenerated and update all dependent integrations immediately.
Regional Deployments
SentinelOne has different regional deployments. Ensure you’re using the correct Management Console URL for your region:North America
North America
Management Console URLs:
- US East:
https://usea1-partners.sentinelone.net/ - US West:
https://uswe1-partners.sentinelone.net/
Europe
Europe
Management Console URL:
- EU Central:
https://euce1-partners.sentinelone.net/
Asia Pacific
Asia Pacific
Management Console URL:
- AP Northeast:
https://apne1-partners.sentinelone.net/
Always use the URL shown in your browser’s address bar when logged into the SentinelOne Management Console. Don’t forget to include the trailing slash.