# SentinelOne Integration

The SentinelOne integration enables Sprinto to automatically ingest device and vulnerability data from your SentinelOne environment. This helps you monitor security posture, track threats, and map vulnerabilities to compliance controls without manual effort.

This integration is currently available under a beta programme and uses a secure, managed connection flow.

***

### Prerequisites

Before you begin, ensure the following:

* You have an active SentinelOne account.
* You have **admin access** to SentinelOne.
* You are enrolled in Sprinto’s SentinelOne beta programme.
* Your SentinelOne environment allows access to:
  * Devices (endpoints).
  * Threats and vulnerability alerts.
* You have access to generate or authorise:
  * SentinelOne API credentials (via the connection flow).
  * SentinelOne base URL (if required during setup).

***

### Permissions and data access

Sprinto requires read-level access to specific SentinelOne data.

#### Data accessed by Sprinto

* Device (endpoint) information.
* Vulnerabilities and threat alerts.
* Associated metadata for tracking and mapping.

#### Required permissions

During the connection flow, you must grant access to:

* **View Devices/Agents** – to list and track endpoints.
* **View Threats/Alerts** – to fetch vulnerabilities and security findings.
* *(Optional)* View Policies – for additional context.

These permissions are granted during the authorisation flow and managed externally.

***

### Data sync behaviour

Sprinto syncs SentinelOne data in two stages:

#### 1. Device sync

* Fetches all available devices.
* Registers them as tracked entities in Sprinto.

#### 2. Vulnerability sync

* Fetches vulnerabilities and threat alerts.
* Maps them only to tracked devices.
* Ignores data from untracked entities.

This ensures accurate and relevant compliance tracking.
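The two-stage behaviour above can be modelled offline to see which findings would be dropped. This is an added example, not Sprinto's or SentinelOne's code; the field names (`id`, `hostname`, `device_id`, `title`), the sample records and the case-insensitive ID matching are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data; field names are assumptions for this example,
# not Sprinto's or SentinelOne's actual schema.
DEVICES = [
    {"id": "dev-001", "hostname": "laptop-a"},
    {"id": "dev-002", "hostname": "laptop-b"},
    {"id": "dev-002", "hostname": "laptop-b"},  # duplicate record from a repeated fetch
]
FINDINGS = [
    {"device_id": "dev-001", "title": "Outdated OpenSSL package"},
    {"device_id": "DEV-002", "title": "Unpatched browser"},       # same device, different case
    {"device_id": "dev-999", "title": "Weak TLS configuration"},  # endpoint never registered
    {"device_id": None, "title": "Finding without endpoint"},     # no device reference
]


def normalise(device_id):
    """Return a comparable key, or None if the reference is missing.
    Case-insensitive matching is this example's choice (assumption)."""
    if isinstance(device_id, str) and device_id.strip():
        return device_id.strip().lower()
    return None


def sync_devices(devices):
    """Stage 1: register every fetched device as a tracked entity (deduplicated)."""
    tracked = {}
    for device in devices:
        key = normalise(device.get("id"))
        if key is not None:
            tracked[key] = device
    return tracked


def sync_findings(tracked, findings):
    """Stage 2: map findings to tracked devices; collect the ones that are ignored."""
    mapped, ignored = defaultdict(list), []
    for finding in findings:
        key = normalise(finding.get("device_id"))
        if key in tracked:
            mapped[key].append(finding["title"])
        else:
            ignored.append(finding)
    return dict(mapped), ignored


if __name__ == "__main__":
    mapped, ignored = sync_findings(sync_devices(DEVICES), FINDINGS)
    print("mapped:", mapped)
    print("ignored:", [f["title"] for f in ignored])
```

The `ignored` list is the part worth reviewing: findings on endpoints that never appeared in the device sync will not surface in compliance tracking.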

***

### How it works

Sprinto integrates with SentinelOne through a secure intermediary integration layer instead of directly calling SentinelOne APIs.

* Authentication is handled through a secure authorisation (link) flow.
* Credentials are not directly stored in Sprinto.
* Once connected, Sprinto:
  * Retrieves device (endpoint) data.
  * Fetches vulnerabilities and threat alerts.
  * Maps the data to relevant controls and checks.
* Data is periodically synced and automatically updated.

This approach ensures secure credential handling and reliable data ingestion.

***

### Enrol in SentinelOne Beta

Since SentinelOne is currently in beta, you must enrol before connecting.

1. Log in to the Sprinto dashboard.
2. Navigate to **Settings → Integrations**.
3. In the **All** tab, search for **SentinelOne**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2Fft7yA1aIGiVqx4bpS14U%2FScreenshot%202026-04-01%20at%2012.25.45.png?alt=media&#x26;token=a3ed3c85-685d-457b-bcf6-59cbd96bc727" alt="" width="563"><figcaption></figcaption></figure>

4. Click **Know more** next to SentinelOne.
5. In the side panel, click **Enroll in Beta**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2Fv36JFh2le5FOHuuO4UiB%2FScreenshot%202026-04-01%20at%2012.26.25.png?alt=media&#x26;token=7bdc4d9b-1f75-4330-ac8d-eec85094682d" alt="" width="375"><figcaption></figcaption></figure>

After submitting your request, Sprinto will review and enable access.

***

### Connect SentinelOne to Sprinto

Once beta access is enabled:

1. Log in to the Sprinto dashboard.
2. Navigate to **Settings → Integrations**.
3. Search for **SentinelOne** in the **All** tab.
4. Click **Connect**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FeQBKRwPqo8fpGDLDWagg%2FScreenshot%202026-04-01%20at%2012.23.46.png?alt=media&#x26;token=ea5b0e91-8c4e-4726-a65b-1793b5c8ee14" alt="" width="563"><figcaption></figcaption></figure>

#### Step 1: Review permissions

1. Review the permissions and data accessed:
   * Read access to vulnerabilities.
   * Device data.
2. Click **Next**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FnxioEA9xyBsikqMBg0gi%2FScreenshot%202026-04-01%20at%2012.24.28.png?alt=media&#x26;token=af6093e4-bc99-450f-b727-82b08941455b" alt="" width="375"><figcaption></figcaption></figure>

#### Step 2: Initiate connection

1. Select **I have admin access to SentinelOne**.
2. Click **Connect to SentinelOne**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FslAlpuJK77CZ340bry0e%2FScreenshot%202026-04-01%20at%2012.28.55.png?alt=media&#x26;token=b0feb9e9-321d-4037-83c4-e95f3a78bbea" alt="" width="375"><figcaption></figcaption></figure>

#### Step 3: Authorise and enter credentials

1. Complete the secure authorisation flow.
2. In the pop-up, enter the **API Token** and **Base URL**. [Know more](https://docs.leen.dev/integrations/sentinelone-credential) about how to obtain these credentials.
3. Click **Create** to complete the setup.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2F4BcZWGimXNK5ueNwcc4k%2FScreenshot%202026-04-01%20at%2012.30.19.png?alt=media&#x26;token=d0cc74cc-1e0f-40a6-9a46-23c1bdacfc0d" alt="" width="563"><figcaption></figcaption></figure>

***

### Post-connection flow

After a successful connection:

* The integration status is shown as **Connected**.
* Sprinto begins syncing:
  * Devices (endpoints).
  * Vulnerabilities and alerts.
* Relevant controls and checks are automatically enabled.
* Evidence collection begins without manual intervention.

***

### Error handling

Sprinto automatically detects and flags issues related to authentication or permissions.

#### Common scenarios

**Authentication failure (401).**\
Occurs when the connection is invalid or expired.\
**Action:** Reconnect the integration.

**Permission issues (403).**\
Occurs when required permissions are not granted.\
**Action:** Re-authorise with appropriate access.

**Invalid connection.**\
Occurs when the connection cannot be validated.\
**Action:** Re-establish the integration.

### Data sync limits

* Sprinto enforces rate limits to ensure stable performance.
* Data is fetched in controlled intervals to avoid overload.

***

### Troubleshooting

#### Unable to see Connect button

* Ensure you are enrolled in the beta programme.
* Wait for confirmation from Sprinto.

#### Connection fails

* Verify API token and base URL are correct.
* Ensure admin access is enabled.
* Confirm required permissions are granted.

#### No data syncing

* Check if SentinelOne has active devices and alerts.
* Allow time for initial sync.
* Reconnect the integration if needed.

***

### Additional notes

* SentinelOne integration uses a **managed connection flow**, not direct API configuration.
* Credentials are handled securely outside Sprinto.
* Only vulnerabilities linked to tracked devices are synced.
* This feature is currently in beta and may evolve.

***

### Support

Please contact [Sprinto Support](mailto:www.support@sprinto.com) if you have any queries related to the integration or need any assistance.
