Skip to content
Find out how we support MDR.

SentinelOne Singularity Endpoint

API

This feature might not be available for all customers yet.

SentinelOne Singularity Endpoint detects threats to endpoints.

You can integrate it with Sophos Central so that it sends data to Sophos.

This is an API integration. You need an API token from Singularity Endpoint.

The key steps are as follows:

  • Generate an API token in Singularity Endpoint.
  • Add an integration in Sophos Central.

Generate an API token from Singularity Endpoint

To generate an API token, do as follows:

  1. In the Singularity Endpoint dashboard, click My User.
  2. Click API token.
  3. Copy or click Download and save the API token to use later in Sophos Central.

Also make a note of the API version (usually 2.1).

You'll also need your base URL. This is the URL you use to manage your account and is usually in the format https://organization_name.sentinelone.net/web.

Add an integration

To integrate Singularity Endpoint with Sophos Central, do as follows:

  1. In Sophos Central, go to Threat Analysis Center and click Integrations.
  2. Click SentinelOne Singularity Endpoint.

    If you've already set up integrations of this type, you see them here.

  3. In Integrations, click Add integration.

    Note

    If this is the first integration you've added, we'll ask for details about your internal domains and IPs. See My domains and IPs.

  4. In Integration steps, do as follows:

    1. Enter the Integration name and Integration description.
    2. Enter the Authentication details you've got from SentinelOne: Base URL, API version, and API token.
    3. Click Save

We create the integration and it appears in your list.

If your integration shows as Connected, your data should appear in the Sophos Data Lake after validation.

More information