> ## Documentation Index
> Fetch the complete documentation index at: https://docs.rad.security/llms.txt
> Use this file to discover all available pages before exploring further.

# SentinelOne Singularity

> Configure SentinelOne Singularity integration with RAD Security for AI-powered endpoint protection.

# SentinelOne Singularity Integration Setup

This guide walks you through integrating SentinelOne Singularity with RAD Security for AI-powered endpoint detection and response, enabling you to correlate endpoint security events with container and cloud runtime activity.

SentinelOne Singularity provides autonomous endpoint protection with behavioral AI analysis, automated threat remediation, and deep visibility across your endpoints.

## Prerequisites

Before you begin, ensure you have:

<Check>
  * Admin access to SentinelOne Management Console
  * **SentinelOne Complete** entitlement level or higher
  * Access to RAD Security workspace with integration permissions
</Check>

<Warning>
  **Minimum Entitlement Required:** This integration requires a minimum entitlement level of **SentinelOne Complete**. See [SentinelOne platform packages](https://www.sentinelone.com/platform-packages/) for more information about entitlement levels.
</Warning>

***

## Step 1: Access SentinelOne Management Console

<Steps>
  <Step title="Log in to Console">
    Log in to your SentinelOne Management Console with administrative privileges
  </Step>

  <Step title="Note Your Console URL">
    Take note of your Management Console URL as you'll need it for configuration

    **Example URLs:**

    * `https://usea1-partners.sentinelone.net/`
    * `https://euce1-partners.sentinelone.net/`
    * `https://apne1-partners.sentinelone.net/`

    <Info>
      This URL will be used as the **URL** parameter when configuring the integration in RAD Security.
    </Info>
  </Step>
</Steps>

***

## Step 2: Generate API Token

<Steps>
  <Step title="Access User Settings">
    1. Click your **username** (or "Admin") in the top right corner
    2. Select **My User** from the dropdown menu
  </Step>

  <Step title="Navigate to API Token Operations">
    1. Click the **Actions** button
    2. Select **API Token Operations**
  </Step>

  <Step title="Generate New Token">
    1. Click **Regenerate API Token**
    2. **Immediately copy the API Token** that appears

    <Warning>
      **Save this token immediately!** You may not be able to view it again. Store it securely for the integration configuration.
    </Warning>
  </Step>
</Steps>

***

## Step 3: Configure in RAD Security

Navigate to your RAD Security workspace and configure the SentinelOne Singularity integration with the following parameters:

### Required Parameters

| Parameter    | Description                                                              | Example                                   |
| ------------ | ------------------------------------------------------------------------ | ----------------------------------------- |
| **Base URL** | Base URL of your SentinelOne Management Console (include trailing slash) | `https://usea1-partners.sentinelone.net/` |
| **Secret**   | The API Token generated in Step 2                                        | `your-api-token-here`                     |

<Note>
  The URL should be your SentinelOne Management Console URL, which typically follows the pattern `https://<region>-partners.sentinelone.net/`. Ensure you include the trailing slash.
</Note>

***

## Verify Integration

After completing the setup, verify your integration is working:

1. Navigate to **Data Sources > Integrations > EDR** in RAD Security
2. Locate your SentinelOne Singularity integration
3. Check the connection status shows as **Connected**
4. Verify endpoint data is being synced

<Check>
  Your SentinelOne Singularity integration is now configured! RAD Security can now correlate endpoint security data with container and cloud runtime events.
</Check>

## What Data is Synced

Once configured, RAD Security will sync the following data from SentinelOne:

<AccordionGroup>
  <Accordion title="Endpoint Information" icon="computer">
    * Agent inventory and status
    * Endpoint health and connectivity
    * Operating system details
    * Network information
    * Agent version and configuration
    * Group and site assignments
  </Accordion>

  <Accordion title="Threats & Detections" icon="shield-virus">
    * Real-time threat detections
    * Threat classification and severity
    * Malware and exploit analysis
    * Behavioral AI findings
    * Threat mitigation status
    * Quarantine and remediation actions
  </Accordion>

  <Accordion title="Activities & Events" icon="timeline">
    * Endpoint activities
    * Process execution data
    * Network connections
    * File system events
    * Registry modifications (Windows)
    * User actions
    * Alert and notification logs
  </Accordion>

  <Accordion title="Policies & Configurations" icon="sliders">
    * Security policies
    * Exclusions and allow lists
    * Agent configuration settings
    * Mitigation modes
    * Behavior settings
  </Accordion>
</AccordionGroup>

## Use Cases

<CardGroup cols={2}>
  <Card title="AI-Powered Threat Detection" icon="brain">
    Leverage SentinelOne's behavioral AI with RAD's runtime context for enhanced threat detection accuracy.
  </Card>

  <Card title="Automated Response" icon="wand-magic-sparkles">
    Combine SentinelOne's autonomous response with RAD's container orchestration for coordinated remediation.
  </Card>

  <Card title="Container-to-Host Threats" icon="server">
    Detect when containerized threats attempt to escape or affect the underlying host system.
  </Card>

  <Card title="Unified Threat Visibility" icon="eye">
    Gain comprehensive visibility across endpoints, containers, and cloud infrastructure from a single platform.
  </Card>
</CardGroup>

## Troubleshooting

<AccordionGroup>
  <Accordion title="Authentication Failed" icon="triangle-exclamation">
    **Possible causes:**

    * API Token is incorrect or expired
    * Token was regenerated and not updated
    * Insufficient permissions on the user account

    **Solution:**

    * Verify the API Token is copied correctly (no extra spaces)
    * Check if the token was regenerated in SentinelOne
    * Ensure the user account has administrative privileges
    * Try regenerating the token and updating the integration
  </Accordion>

  <Accordion title="Insufficient Entitlement" icon="shield-exclamation">
    **Possible causes:**

    * SentinelOne subscription level is below Complete
    * Required features not enabled in license

    **Solution:**

    * Verify your SentinelOne entitlement level
    * Check [SentinelOne platform packages](https://www.sentinelone.com/platform-packages/)
    * Contact SentinelOne support to upgrade if needed
    * Ensure all required features are enabled in your license
  </Accordion>

  <Accordion title="No Data Syncing" icon="database-slash">
    **Possible causes:**

    * No agents deployed or reporting
    * Initial sync still in progress
    * Network connectivity issues
    * API rate limits reached

    **Solution:**

    * Verify SentinelOne agents are installed and connected
    * Check agent status in SentinelOne console
    * Allow up to 15 minutes for initial data sync
    * Review integration logs in RAD Security for errors
    * Check API rate limit status in SentinelOne
  </Accordion>

  <Accordion title="Wrong Console URL" icon="globe">
    **Possible causes:**

    * Missing trailing slash in URL
    * Incorrect regional subdomain
    * Using wrong URL format

    **Solution:**

    * Use Management Console URL (e.g., `https://usea1-partners.sentinelone.net/`)
    * Ensure URL includes trailing slash at the end
    * Verify the regional subdomain matches your deployment
    * Confirm you're using the URL shown in your browser when logged into SentinelOne
  </Accordion>

  <Accordion title="Token Regeneration Issues" icon="rotate">
    **Possible causes:**

    * Old token still cached
    * Multiple integrations using same token
    * Token regenerated while integration was active

    **Solution:**

    * Wait a few minutes after regenerating token
    * Update all integrations if using the same token
    * Clear any cached credentials
    * Ensure only one active token per integration
  </Accordion>
</AccordionGroup>

## Security Best Practices

<CardGroup cols={2}>
  <Card title="Use Dedicated Users" icon="user-gear">
    Create a dedicated service account for the RAD Security integration rather than using a personal account.
  </Card>

  <Card title="Rotate Tokens Regularly" icon="rotate">
    Periodically regenerate API tokens as part of your security hygiene practices.
  </Card>

  <Card title="Least Privilege Access" icon="shield-halved">
    Only grant the minimum permissions required. Use Read-only keys for EDR Events access.
  </Card>

  <Card title="Secure Token Storage" icon="lock">
    Store API tokens in a secure password manager or secrets vault. Never commit them to version control.
  </Card>

  <Card title="Monitor API Usage" icon="chart-line">
    Regularly review API usage in SentinelOne to detect anomalous activity.
  </Card>

  <Card title="Track Token Changes" icon="clipboard-list">
    Document when tokens are regenerated and update all dependent integrations immediately.
  </Card>
</CardGroup>

## Regional Deployments

SentinelOne has different regional deployments. Ensure you're using the correct Management Console URL for your region:

<AccordionGroup>
  <Accordion title="North America" icon="flag-usa">
    **Management Console URLs:**

    * US East: `https://usea1-partners.sentinelone.net/`
    * US West: `https://uswe1-partners.sentinelone.net/`
  </Accordion>

  <Accordion title="Europe" icon="flag">
    **Management Console URL:**

    * EU Central: `https://euce1-partners.sentinelone.net/`
  </Accordion>

  <Accordion title="Asia Pacific" icon="globe">
    **Management Console URL:**

    * AP Northeast: `https://apne1-partners.sentinelone.net/`
  </Accordion>
</AccordionGroup>

<Note>
  Always use the URL shown in your browser's address bar when logged into the SentinelOne Management Console. Don't forget to include the trailing slash.
</Note>

## Next Steps

<CardGroup cols={2}>
  <Card title="EDR Integrations Overview" icon="shield-check" href="/rad-security/integrations/edr/overview">
    Explore other EDR integration options
  </Card>

  <Card title="Runtime Security" icon="shield" href="/rad-security/integrations/runtime-security">
    Learn about RAD's container runtime security
  </Card>

  <Card title="Alerts & Incidents" icon="bell" href="/rad-security/platform/workspace">
    Configure correlated alerts and incident management
  </Card>

  <Card title="Microsoft Defender" icon="microsoft" href="/rad-security/integrations/edr/microsoft-defender-setup">
    Add Microsoft Defender for additional endpoint coverage
  </Card>
</CardGroup>