Connect SentinelOne¶
Step-by-step guide to connecting SentinelOne to Thalian for endpoint security intelligence.
Prerequisites¶
- SentinelOne management console access
- API token with read permissions at the account or site level
Create an API Token in SentinelOne¶
- Sign in to the SentinelOne management console
- Click your username in the top-right corner → My User
- Under Options, click Generate API Token
- Copy the token value — it is shown only once
The token inherits the permissions of the user who generates it. A Viewer role is sufficient for Thalian's read-only needs.
Connect in Thalian¶
- Go to Integrations → Browse
- Find SentinelOne and click Connect
- Enter your SentinelOne console URL (e.g.,
https://yourcompany.sentinelone.net) - Paste your API token
- Click Save — Thalian validates the credentials and begins the first sync
What Thalian Syncs¶
- Agents — deployed agent inventory with OS, version, and status
- Threats — active and resolved threats with classification and confidence level
- Device health — agent health status and connectivity state
For a full list of supported platforms, see Integrations Guide.