SentinelOne
Feature availability
Operating systems | WARP mode required | Zero Trust plans |
---|---|---|
macOS, Windows, Linux | WARP with Gateway | All plans |
Device posture with SentinelOne requires the SentinelOne agent and the Cloudflare WARP client to be deployed on your devices. Our service-to-service posture check identifies devices based on their serial numbers.
Set up SentinelOne as a service provider
1. Obtain SentinelOne settings
The following SentinelOne values are needed to set up the SentinelOne posture check:
- API Token
- REST API URL
To retrieve those values:
- Log in to your SentinelOne Dashboard.
- Go to Settings > Users > Create new Service User.
- Select Create New Service User.
- Enter a Name and Expiration Date and select Next.
- Set Scope of Access to Viewer.
- Select Create User. SentinelOne will generate an API Token for this user.
- Copy the API Token to a safe location.
- Select Close.
- Copy the Rest API URL from your browser’s address bar (for example,
https://<S1-DOMAIN>.sentinelone.net
).
2. Add SentinelOne as a service provider
- In Zero Trust, go to Settings > WARP Client.
- Scroll down to Device posture providers and select Add new.
- Select SentinelOne.
- Enter any name for the provider. This name will be used throughout the dashboard to reference this connection.
- In Client Secret, enter your API Token.
- In Rest API URL, enter
https://<S1-DOMAIN>.sentinelone.net
. - Choose a Polling frequency for how often Cloudflare Zero Trust should query SentinelOne for information.
- Select Save.
3. Configure the posture check
- In Zero Trust, go to Settings > WARP Client > Service provider checks.
- Select Add new.
- Select the SentinelOne provider.
- Configure a device posture check and enter any name.
- Select Save.
Next, go to Logs > Posture and verify that the service provider posture check is returning the expected results.
Device posture attributes
Device posture data is gathered from the SentinelOne Management APIs. For more information, refer to https://<S1-DOMAIN>.sentinelone.net/api-doc/overview
.
Selector | Description |
---|---|
Infected | Whether the device is infected |
Active Threats | Number of active threats on the device |
Is Active | Whether the SentinelOne Agent is active |
Network status | Whether the SentinelOne Agent is connected to the SentinelOne service |