# SentinelOne Deep Visibility

In this guide, you will integrate SentinelOne Deep Visibility with Radiant in order to sync SentinelOne EDR alerts and sensor info.

{% hint style="info" %}
For the EDR alerts to be triaged by our AI, Radiant also needs access to EDR telemetry. In order to give Radiant access to EDR telemetry data, the Deep Visibility integration needs to exist alongside either [SentinelOne Singularity Data Lake integration](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/sentinelone-singularity-data-lake) (recommended) or [SentinelOne Cloud Funnel](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/sentinelone-cloud-funnel).&#x20;
{% endhint %}

At the end of this configuration, you will provide Radiant Security with the following values:

* **API Token**
* **API Base URL (console URL).** For example: `https://usea1-swprd1.sentinelone.net`

### Prerequisites

* [ ] Admin role for the SentinelOne environment that you want to connect to Radiant

### Create a service user in SentinelOne

1. Log into your SentinelOne console with an **Admin** role account.
2. Hover your cursor over the SentinelOne logo to open the navigation pane.
3. Select **Settings** and then click the **USERS** tab.
4. In the navigation pane, select **Service Users**.
5. From the **Actions** drop-down list, select **Create New Service User**. ![](https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FyCwjH5mZ5xKhpsrSetxc%2FSentinelOne%20EDR_01.png?alt=media\&token=994468f1-f698-40e2-a820-346028dca6fa)
6. In the dialog box, fill in the service account information with the following:
   * **Name:** `radiant_api_service`
   * **Description:** `Radiant Security API Service Account`
   * **Expiration Date:** `1 Years`
7. Click **Next.**
8. If you manage multiple customers:
   * Under **Select Scope of Access**, click **Site**.
   * Select the site that belongs to the customer that you are configuring monitoring for.
9. If you do not manage multiple customers:
   * Under **Select Scope of Access**, click **Account**.
   * Select the account that the user should have access to.
10. From the role type drop-down list, select **Viewer**.
11. Click **Create User** to save the newly created user.
12. In the API Token dialog box, copy the **API Token** value to provide to Radiant Security.

{% hint style="warning" %}
**Important note**: Be sure to document and store the API token value carefully, as it cannot be retrieved later. This will be provided to Radiant Security in the next section.
{% endhint %}

### Create a role and add the necessary permissions

1. Log into your SentinelOne console with an **Admin** role account.
2. Hover your cursor over the SentinelOne logo to open the navigation pane.
3. Select **Settings** and then click the **USERS** tab.
4. In the navigation pane, select **Roles**.
5. From the **Actions** drop-down menu, select **New Role**.
6. In the dialog box, fill in the following information:
   * **Role Name**: `Radiant Security Service Role`
   * **Description**: `Radiant Security API Service Role`
7. Find and add the following permissions to give Radiant Security access to read data:
   * **Endpoints**: `View`, `View Threats`, and `Search on Deep Visibility`
   * **Endpoint** **Threats**: `View`
   * **SDL** **Data**: `View` and `View EDR`
   * **SDL Search (Formerly Skylight)**: `View`
8. This step is *optional*. Find and add the following permissions to give Radiant Security access to take certain actions in your environment:
   * **Endpoints**: `Disconnect from Network` , `Reconnect to Network` , `Initiate Scan` and `Abort Scan`
   * **Blocklist**: `View`, `Edit`, `Delete`, and `Create`
9. Click **Save**.

### Create a service user and generate the API token

1. Log into your SentinelOne console with an **Admin** role account.
2. Hover your cursor over the SentinelOne logo to open the navigation pane.
3. Select **Settings** and then click the **USERS** tab.
4. In the navigation pane, select **Service Users**.
5. From the **Actions** drop-down menu, select **Create New Service User**.
6. In the dialog box, fill in the service account information:
   * **Name:** `radiant_api_service`
   * **Description:** `Radiant Security API Service Account`
   * **Expiration Date:** `1 Years`
7. Click **Next**.
8. If you manage multiple customers:
   * Under **Select Scope of Access**, click **Site**.
   * Select the site that belongs to the customer that you are configuring monitoring for.
9. If you *do not* manage multiple customers:
   * Under **Select Scope of Access**, click **Account**.
   * Select the account that the user should have access to.
10. From the role type drop-down menu, select the **Radiant Security Service Role** created in the previous steps.
11. Click **Create User** to save the newly created user.
12. In the **API Token** dialog box, copy the **API Token** value to provide to Radiant Security.

{% hint style="warning" %}
**Important note:** Be sure to copy and store the API token value carefully, as it cannot be retrieved later. This will be provided to Radiant Security in the next section.
{% endhint %}

### Add the credentials in Radiant Security

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, select **Settings** > **Credentials** and click **+ Add Credential**.
3. Select **SentinelOne Deep Visibility** from the list and click **Configure Credential.**
4. Under **Credential** **Name**, give the credential an identifiable name (e.g. `SentinelOne Deep Visibility Credentials`).
5. Under **API Base URL**, paste in your SentinelOne console base URL in the format `https://<host>.sentinelone.net`
6. Under **API** **Token**, paste the token that you copied in a previous step.
7. Click **Add Credential** to save the changes.

### Add the Deep Visibility data connector in Radiant Security

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, select **Settings** > **Data Connectors** and click **+ Add Connector**.
3. Search for and select the **SentinelOne** option from the list and then click **Data Feeds**.
4. Select *only* the **SentinelOne Alerts & Sensor Info** data feed and click **Credentials.**
5. From the drop-down menu, select the **SentinelOne Deep Visibility** credential that you created in the previous section.
6. Click **Add Connector** to save the changes.

{% hint style="info" %} <i class="fa-plug">:plug:</i> To add the **action connector** in Radiant, please refer to the specific guide: [SentinelOne](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/sentinelone-deep-visibility/execute-response-actions-with-sentinelone).
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/sentinelone-deep-visibility.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.