Back to source list
Official
Premium
SentinelOne source integration documentation
Sync from SentinelOne to any destination
Publisher
cloudquery
Latest version
v3.0.0
Type
Source
Platforms
Date Published
Loading plugin documentation
Sync from SentinelOne to any destination
Publisher
cloudquery
Latest version
v3.0.0
Type
Source
Platforms
Date Published
Loading plugin documentation
We use tracking cookies to understand how you use the product and help us improve it. Please accept cookies to help us improve. You can always opt out later via the link in the footer.
cloudquery needs to be authenticated.
An API Token is required for authentication.kind: source
# Common source-plugin configuration
spec:
name: sentinelone
path: cloudquery/sentinelone
registry: cloudquery
version: "v3.0.0"
tables:
- "sentinelone_accounts"
- "sentinelone_agent_packages"
- "sentinelone_agents"
- "sentinelone_export_agents"
- "sentinelone_installed_applications"
- "sentinelone_sites"
- "sentinelone_threats"
- "sentinelone_threat_notes"
destinations: ["postgresql"]
# Learn more about the configuration options at https://cql.ink/sentinelone_source
spec:
# required
api_token: "${SENTINELONE_API_TOKEN}"
# required
management_url: "https://domain.sentinelone.net"
# optional: A list of account IDs to filter by. Omit this field to fetch for all account IDs.
# account_ids: [<YOUR_ACCOUNT_ID_1>]
# optional: A list of site IDs to filter by. Omit this field to fetch for all site IDs.
# site_ids: [<YOUR_SITE_ID_1>]
# optional: A list of group IDs to filter by. Omit this field to fetch for all group IDs.
# group_ids: [<YOUR_GROUP_ID_1>]
api_token (string) (required)management_url (string) (required)account_ids ([]string) (default: null)site_ids ([]string) (default: null)group_ids ([]string) (default: null)concurrency (integer) (optional) (default: 10)scheduler (string) (optional) (default: dfs)
The scheduler to use when determining the priority of resources to sync.
Supported values are dfs (depth-first search), round-robin, shuffle and shuffle-queue.table_options (map) (default: null)table_options object is as follows:table_options:
<table_name>:
- <input_object>
<input_object> objects should be provided. The plugin will iterate through these to make multiple API calls.
The following tables are supported:table_options:
sentinelone_installed_applications:
- <Parameters for GET /web/api/v2.1/installed-applications endpoint>
# Example
- installedAt__between: "1708815411000-1709074611000"
size__between: "1024-104856"
Time type, which allows for defining timestamps in both absolute and relative formats.2024-01-01T12:00:00+00:00.nowx seconds [ago|from now]x minutes [ago|from now]x hours [ago|from now]x days [ago|from now]until field:until: nowuntil: 2 days agountil: 10 months 3 days 4h20m from nowuntil: 2024-01-01T12:00:00+00:00