SentinelOne Singularity Endpoint
This feature might not be available for all customers yet.
You can integrate SentinelOne Singularity Endpoint with Sophos Central so that it sends data to Sophos.
This is an API integration. You need an API token from Singularity Endpoint.
The key steps are as follows:
- Generate an API token in Singularity Endpoint.
- Configure an integration in Sophos Central.
Generate an API token from Singularity Endpoint
To generate an API token, do as follows:
- In the Singularity Endpoint dashboard, click My User.
- Click API token.
- Copy or click Download and save the API token to use later in Sophos Central.
Also make a note of the API version (usually 2.1).
You'll also need your base URL. This is the URL you use to manage your account and is usually in the format https://organization_name.sentinelone.net/web.
Configure an integration
To integrate Singularity Endpoint with Sophos Central, do as follows:
- In Sophos Central, go to Threat Analysis Center > Integrations > Marketplace.
- Click SentinelOne Singularity Endpoint.
  The SentinelOne Singularity Endpoint page opens. You can configure integrations here and see a list of any you've already configured.
- In Data Ingest (Security Alerts), click Add Configuration.
  If this is the first integration you've added, we'll ask for details about your internal domains and IPs. See My domains and IPs.
- In Integration steps, do as follows:
  - Enter the Integration name and Integration description.
  - Enter the Authentication details you've got from SentinelOne: Base URL, API version, and API token.
We create the integration and it appears in your list. If the status icon shows Healthy, your data should appear in the Sophos Data Lake after validation.
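Before pasting the Base URL, API version, and API token into the form, you can sanity-check them locally. The following is an added example, not Sophos or SentinelOne code; the function names `check_integration_inputs` and `mask_token` are hypothetical, and the sample values are constructed placeholders.

```python
import re
from urllib.parse import urlsplit


# Hypothetical helper: not part of Sophos Central or SentinelOne tooling.
def check_integration_inputs(base_url, api_version, api_token):
    """Return (errors, warnings) for the three values the integration form asks for."""
    errors, warnings = [], []

    url = urlsplit(base_url.strip())
    if url.scheme != "https":
        errors.append("base URL must use https so the API token is not sent in clear text")
    if not url.hostname:
        errors.append("base URL has no host name")
    if url.username or url.password:
        errors.append("base URL must not embed credentials")
    if url.query or url.fragment:
        errors.append("base URL must not carry a query string or fragment")
    # The usual shape is https://organization_name.sentinelone.net/web.
    if url.hostname and not url.hostname.endswith(".sentinelone.net"):
        warnings.append("host is not under sentinelone.net; confirm it is your console")
    if url.path.rstrip("/") != "/web":
        warnings.append("path is not /web; the usual base URL ends in /web")

    version = api_version.strip()
    if not re.fullmatch(r"\d+\.\d+", version):
        errors.append("API version should look like 2.1")
    elif version != "2.1":
        warnings.append("API version is usually 2.1; confirm the value in the console")

    if not api_token:
        errors.append("API token is empty")
    elif re.search(r"\s", api_token):
        errors.append("API token contains whitespace, likely a copy and paste artifact")
    return errors, warnings


def mask_token(api_token, keep=4):
    """Show only the last few characters so the token can be referenced in tickets or logs."""
    tail = api_token[-keep:] if len(api_token) > keep else ""
    return "*" * 8 + tail


if __name__ == "__main__":
    # Constructed sample values; the token is a placeholder, not a real credential.
    sample = ("http://example-org.sentinelone.net/web", "2.1", "PLACEHOLDERTOKEN0000 \n")
    errs, warns = check_integration_inputs(*sample)
    print("errors:", errs)
    print("warnings:", warns)
    print("token:", mask_token(sample[2].strip()))
```

Errors are values the form should not be given as they stand; warnings only flag a departure from the usual format and may be valid for your account.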