Authentication #

SentinelOne Source Plugin Configuration Reference

Example #

kind: source
# Common source-plugin configuration
spec:
  name: sentinelone
  path: cloudquery/sentinelone
  registry: cloudquery
  version: "v1.13.0"
  tables:
    - "sentinelone_accounts"
    - "sentinelone_agent_packages"
    - "sentinelone_agents"
    - "sentinelone_export_agents"
    - "sentinelone_installed_applications"
    - "sentinelone_sites"
    - "sentinelone_threats"
    - "sentinelone_threat_notes"
  destinations: ["postgresql"]

  # Learn more about the configuration options at https://cql.ink/sentinelone_source
  spec:
    # required
    api_token: "${SENTINELONE_API_TOKEN}"
    # required
    management_url: "https://domain.sentinelone.net"
#    optional: A list of account IDs to filter by. Omit this field to fetch for all account IDs.
#    account_ids: [<YOUR_ACCOUNT_ID_1>] 
#    optional: A list of site IDs to filter by. Omit this field to fetch for all site IDs.
#    site_ids: [<YOUR_SITE_ID_1>]
#    optional: A list of group IDs to filter by. Omit this field to fetch for all group IDs.
#    group_ids: [<YOUR_GROUP_ID_1>]

SentinelOne Spec #

• api_token (string) (required)

  An API Token to access SentinelOne resources.
• management_url (string) (required)

  Your SentinelOne Management Console URL. With or without a trailing slash.
• account_ids ([]string) (default: null)

  A list of account IDs to filter the sync results by. Omit this field to fetch for all account IDs.
• site_ids ([]string) (default: null)

  A list of site IDs to filter the sync results by. Omit this field to fetch for all site IDs.
• group_ids ([]string) (default: null)

  A list of group IDs to filter the sync results by. Omit this field to fetch for all group IDs.
• concurrency (integer) (optional) (default: 10)

  A best effort maximum number of Go routines to use. Lower this number to reduce memory usage.
• scheduler (string) (optional) (default: dfs) The scheduler to use when determining the priority of resources to sync. Supported values are dfs (depth-first search), round-robin, shuffle and shuffle-queue.

  For more information about this, see performance tuning.
• table_options (map) (default: null)

  A set of options to override the defaults for certain tables.

  The format of the table_options object is as follows:

  table_options:
    <table_name>:
      - <input_object>

  A list of <input_object> objects should be provided. The plugin will iterate through these to make multiple API calls. The following tables are supported:

  table_options:
    sentinelone_installed_applications:
      - <Parameters for GET /web/api/v2.1/installed-applications endpoint>
      # Example
      - installedAt__between: "1708815411000-1709074611000"
        size__between: "1024-104856"

  If a table allows using table options, you can check the detailed list of allowed parameters in the documentation page of that table. Some tables allow using CloudQuery's Time type, which allows for defining timestamps in both absolute and relative formats.

  Absolute timestamps must be RFC3339 formatted. Example: 2024-01-01T12:00:00+00:00.

  Relative timestamps can take this format:

  • now
  • x seconds [ago|from now]
  • x minutes [ago|from now]
  • x hours [ago|from now]
  • x days [ago|from now]

  Here are a few valid values for the until field:

  • until: now
  • until: 2 days ago
  • until: 10 months 3 days 4h20m from now
  • until: 2024-01-01T12:00:00+00:00