
SentinelOne

Sync from SentinelOne to any destination

Publisher: cloudquery
Latest version: v1.5.0
Type: Source
Price per 1M rows: Starting from $15
Monthly free quota: 1M rows
Set up process

1. Download CLI and login

   brew install cloudquery/tap/cloudquery

2. Create source and destination configs

3. Run the sync

   cloudquery sync sentinelone.yml postgresql.yml

Overview

The CloudQuery SentinelOne plugin pulls data out of SentinelOne and loads it into any supported CloudQuery destination (e.g. PostgreSQL, BigQuery, Snowflake).

Authentication

To fetch data from SentinelOne, CloudQuery must be authenticated. An API token is required for authentication.

SentinelOne Source Plugin Configuration Reference

Example

This example syncs from SentinelOne to a Postgres destination. The (top level) source spec section is described in the Source Spec Reference.

kind: source
# Common source-plugin configuration
spec:
  name: sentinelone
  path: cloudquery/sentinelone
  registry: cloudquery
  version: "v1.5.0"
  tables:
    - "sentinelone_accounts"
    - "sentinelone_agent_packages"
    - "sentinelone_agents"
    - "sentinelone_export_agents"
    - "sentinelone_installed_applications"
    - "sentinelone_sites"
    - "sentinelone_threats"
    - "sentinelone_threat_notes"
  destinations: ["postgresql"]

  spec:
    # required
    api_token: "${SENTINELONE_API_TOKEN}"
    # required
    management_url: "https://domain.sentinelone.net"
    # optional: A list of account IDs to filter by. Omit this field to fetch for all account IDs.
    # account_ids: [<YOUR_ACCOUNT_ID_1>]
    # optional: A list of site IDs to filter by. Omit this field to fetch for all site IDs.
    # site_ids: [<YOUR_SITE_ID_1>]
    # optional: A list of group IDs to filter by. Omit this field to fetch for all group IDs.
    # group_ids: [<YOUR_GROUP_ID_1>]

SentinelOne Spec

This is the (nested) spec used by the SentinelOne source plugin.
  • api_token (string) (required)
    An API Token to access SentinelOne resources.
  • management_url (string) (required)
    Your SentinelOne Management Console URL. With or without a trailing slash.
  • account_ids ([]string) (default: null)
    A list of account IDs to filter the sync results by. Omit this field to fetch for all account IDs.
  • site_ids ([]string) (default: null)
    A list of site IDs to filter the sync results by. Omit this field to fetch for all site IDs.
  • group_ids ([]string) (default: null)
    A list of group IDs to filter the sync results by. Omit this field to fetch for all group IDs.
  • concurrency (integer) (optional) (default: 10)
    The best-effort maximum number of goroutines to use. Lower this number to reduce memory usage.
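
As an added example (not part of the CloudQuery documentation or plugin), this shell function lints a source config against the spec above before a sync: `api_token` must be an environment reference that is set, `management_url` must be present and use https, and a missing ID filter is reported. The policy, the function names `spec_value` and `check_s1_spec`, and the sample config are assumptions of this example; the parser is line-based and handles only the flat `key: value` layout shown on this page.

```shell
#!/bin/sh
# Added example: pre-sync lint for the nested SentinelOne spec (policy is this example's own).

# spec_value KEY FILE: first uncommented "KEY: value", quotes and trailing comment stripped
spec_value() {
  sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | head -n 1 |
    sed -e 's/[[:space:]]#.*$//' -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# check_s1_spec FILE: print findings; return 0 only if every check passes
check_s1_spec() {
  rc=0
  token=$(spec_value api_token "$1")
  url=$(spec_value management_url "$1")
  case $token in
    '') echo "FAIL: api_token is required"; rc=1 ;;
    '${'*'}')
      name=$(printf '%s\n' "$token" | sed 's/^\${\(.*\)}$/\1/')
      if printenv "$name" >/dev/null 2>&1; then echo "ok: api_token read from \$$name"
      else echo "FAIL: $name is not set in this environment"; rc=1; fi ;;
    *) echo "FAIL: api_token is a literal; reference an environment variable instead"; rc=1 ;;
  esac
  case $url in
    '') echo "FAIL: management_url is required"; rc=1 ;;
    https://*) echo "ok: management_url uses https" ;;
    *) echo "FAIL: management_url is not an https:// URL"; rc=1 ;;
  esac
  if ! grep -Eq '^[[:space:]]*(account_ids|site_ids|group_ids):' "$1"; then
    echo "note: no account_ids/site_ids/group_ids filter, so all of them are fetched"
  fi
  return $rc
}

# Constructed sample: literal token and plain-HTTP URL, both flagged below
sample=$(mktemp)
cat > "$sample" <<'EOF'
kind: source
spec:
  name: sentinelone
  spec:
    api_token: "constructed-literal-token"
    management_url: "http://domain.sentinelone.net"
EOF
check_s1_spec "$sample" || echo "spec rejected; fix it before running cloudquery sync"
rm -f "$sample"
```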


