SentinelOne

Configure the action connector for SentinelOne.

In this guide, you'll configure the integration between SentinelOne and Radiant to automatically run containment and remediation actions after endpoint attacks.

Available actions

The following actions are available after you set up the SentinelOne action connector. Keep in mind, additional permissions are required.

  • Isolate devices

  • Release devices from isolation

  • Block files

  • Run full disk scan

To be able to add the action connector, you will need to provide Radiant Security with the following values, from the data connector onboarding:

  • API Base URL (console URL). For example: https://usea1-swprd1.sentinelone.net

  • API Token

If you haven't configured the SentinelOne data connectors yet, check out the SentinelOne EDR guide.

Add the action connector in Radiant Security

  1. Log in to Radiant Security.

  2. From the navigation menu, select Settings > Action Connectors and click + Add Connector.

  3. Select SentinelOne from the menu and click Credentials.

  4. Add the following values from the previous section:

    • API Base URL (console URL). For example: https://usea1-swprd1.sentinelone.net

    • API Token

  5. Click Add Connector to save the connector configuration.

PreviousProofpointNextSonicWall

Last updated