Overview
This document will walk you through setting up an integration with SentinelOne in your ImmyBot instance.
Setting up this integration allows you to:
- Agent identification by adding an inventory script to be run against all of your endpoints
- Importing agents from linked clients into ImmyBot
- Mapping clients from the integration to tenants in ImmyBot
- Getting an install token for a specific client
- Getting an uninstall token for an agent
- Generating an authentication header for downloading files
- Retrieving agent installers dynamically from a URL
- Manually removing offline agents from within ImmyBot
Prerequisites
An active ImmyBot subscription or trial
Admin access to your SentinelOne account
Process
Create an integration account
- Log into your SentinelOne account
- Create a new role under Settings -> Users -> Roles
- Provide the following permissions to the new role:
| Page | Permission | Note |
|---|---|---|
| Endpoints | View | Needed for polling agents from SentinelOne |
| Endpoints | Show Passphrase | Needed for ImmyBot to uninstall/upgrade the SentinelOne agent |
| Endpoints | Decommission | Enables ImmyBot to decommission an endpoint if the SentinelOne agent is offline and the computer is being deleted from ImmyBot |
| Accounts | View | SentinelOne mandatory permission |
| Agent Packages | View | Needed for dynamic versions to be pulled |
| Groups | View | SentinelOne mandatory permission |
| Local Upgrade/Downgrade Authorization | View | Needed for ImmyBot to uninstall/upgrade the SentinelOne agent |
| Local Upgrade/Downgrade Authorization | Edit | Needed for ImmyBot to uninstall/upgrade the SentinelOne agent |
| Roles | View | SentinelOne mandatory permission |
| Sites | View | Needed to pull agent install tokens |
- Create a new service user with the new role scoped to the account or sites you want to use the integration for.
Note
SentinelOne requires the service user have an expiration date. When the service user expires, a new service user will need to be created and the updated API credentials supplied in the integration.
- Copy the API token for the service user. The token can not be viewed again.
Set up the Integration with ImmyBot
- Navigate to Show More > Integrations
- Click add integration
- Click SentinelOne
- Change the name of the integration if desired.
- Input your SentinelOne URI
- This is the Url to the SentinelOne portal you login to. Example https://usea1-pax8.sentinelone.net/
- Input API token you created for the service user.
- Click update
- Toggle your capabilities (see above for more information)
- Toggle the enable integration switch
- Click on the Clients tab to link your SentinelOne Sites to your ImmyBot tenants
