To send threat alerts from SentinelOne ActiveEDR, you must have an API token. You need the API token when you configure a data source in the QRadar® product.
If you already have an API token that you want to use, you can skip this procedure.
Before you begin
You must have access to a SentinelOne account with administrator privileges.
Procedure
- Log in to your SentinelOne Management Console as an administrator.
- Click the username tab, and then select My User from the list.
- To obtain an API token, click Options, then select the option to generate an API token, or the option to regenerate an API token. Depending on whether you have an existing token, only one of the following options appears. You need the API token when you configure the default workflow parameters in the QRadar product.
  - To generate a new token, select Generate API token.
  - To replace an existing API token, select Regenerate API token.

  The API token appears.

  Important: The API token does not appear again. Do not close this window until you complete the next step to save the API token.
- To save the API token, choose one of the following options:
  - To copy the token to your clipboard, click Copy API Token.
  - To download the API token to a file, click Download API Token.
What to do next
Add a SentinelOne ActiveEDR data source that uses the Universal Cloud REST API connector. For more information about the Universal Cloud REST API connector, see Universal Cloud REST API data source parameters for SentinelOne ActiveEDR.
For more information about adding a data source, see Adding ingestion data sources.