Official
Premium
SentinelOne
Sync from SentinelOne to any destination
Publisher: cloudquery
Latest version: v1.8.1
Type: Source
Price per 1M rows: Starting from $15
Monthly free quota: 1M rows
Set up process #
1. Download CLI and login
   brew install cloudquery/tap/cloudquery
2. Create source and destination configs
Plugin configuration
Overview #
The CloudQuery SentinelOne plugin pulls data out of SentinelOne and loads it into any supported CloudQuery destination (e.g. PostgreSQL, BigQuery, Snowflake, and more).
Authentication #
In order to fetch information from SentinelOne, cloudquery needs to be authenticated. An API Token is required for authentication.
SentinelOne Source Plugin Configuration Reference
Example #
This example syncs from SentinelOne to a Postgres destination.
The (top level) source spec section is described in the Source Spec Reference.
kind: source
# Common source-plugin configuration
spec:
  name: sentinelone
  path: cloudquery/sentinelone
  registry: cloudquery
  version: "v1.8.1"
  tables:
    - "sentinelone_accounts"
    - "sentinelone_agent_packages"
    - "sentinelone_agents"
    - "sentinelone_export_agents"
    - "sentinelone_installed_applications"
    - "sentinelone_sites"
    - "sentinelone_threats"
    - "sentinelone_threat_notes"
  destinations: ["postgresql"]
  # Learn more about the configuration options at https://cql.ink/sentinelone_source
  spec:
    # required
    api_token: "${SENTINELONE_API_TOKEN}"
    # required
    management_url: "https://domain.sentinelone.net"
    # optional: A list of account IDs to filter by. Omit this field to fetch for all account IDs.
    # account_ids: [<YOUR_ACCOUNT_ID_1>]
    # optional: A list of site IDs to filter by. Omit this field to fetch for all site IDs.
    # site_ids: [<YOUR_SITE_ID_1>]
    # optional: A list of group IDs to filter by. Omit this field to fetch for all group IDs.
    # group_ids: [<YOUR_GROUP_ID_1>]
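A check to run over a spec file before it is committed or synced, added here as an example (it is not CloudQuery's code): it flags an api_token written as a literal instead of a ${...} reference such as the ${SENTINELONE_API_TOKEN} used above, and a management_url that is not https. The name lint_spec, the https requirement and the two sample specs are assumptions of this example.

```python
import re

# "key: value" for the two fields checked; value may be quoted, comment may follow.
_FIELD = re.compile(r"""^\s*(api_token|management_url)\s*:\s*(["']?)(.*?)\2\s*(?:#.*)?$""")
_SUBSTITUTION = re.compile(r"^\$\{[^}]+\}$")  # e.g. ${SENTINELONE_API_TOKEN}


def lint_spec(text):
    """Return (line_number, message) findings; line 0 means a field is absent."""
    findings, seen = [], set()
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out settings are not active
        match = _FIELD.match(line)
        if not match:
            continue
        key, value = match.group(1), match.group(3).strip()
        seen.add(key)
        if key == "api_token" and not _SUBSTITUTION.match(value):
            findings.append((number, "api_token is not a ${VAR} reference"))
        if key == "management_url" and not value.lower().startswith("https://"):
            findings.append((number, "management_url is not an https:// URL"))
    for key in ("api_token", "management_url"):
        if key not in seen:
            findings.append((0, f"required field {key} is missing"))
    return findings


# Constructed sample specs (the token value below is made up, not a real secret).
GOOD_SPEC = """\
  spec:
    api_token: "${SENTINELONE_API_TOKEN}"
    management_url: "https://domain.sentinelone.net"
"""
BAD_SPEC = """\
  spec:
    # api_token: "${SENTINELONE_API_TOKEN}"
    api_token: 'constructed-example-token'  # pasted in for testing
    management_url: http://domain.sentinelone.net/
"""

if __name__ == "__main__":
    for name, spec in (("good", GOOD_SPEC), ("bad", BAD_SPEC)):
        print(name, lint_spec(spec))
```

The check is line-based, so it does not resolve YAML anchors or multi-line scalars; it is meant as a fast gate in a pre-commit hook or CI job.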
SentinelOne Spec #
This is the (nested) spec used by the SentinelOne source plugin.
api_token (string) (required)
An API Token to access SentinelOne resources.

management_url (string) (required)
Your SentinelOne Management Console URL. With or without a trailing slash.

account_ids ([]string) (default: null)
A list of account IDs to filter the sync results by. Omit this field to fetch for all account IDs.

site_ids ([]string) (default: null)
A list of site IDs to filter the sync results by. Omit this field to fetch for all site IDs.

group_ids ([]string) (default: null)
A list of group IDs to filter the sync results by. Omit this field to fetch for all group IDs.

concurrency (integer) (optional) (default: 10)
The best effort maximum number of Go routines to use. Lower this number to reduce memory usage.

table_options (map) (default: null)
A set of options to override the defaults for certain tables.

The format of the table_options object is as follows:

table_options:
  <table_name>:
    - <input_object>

A list of <input_object> objects should be provided. The plugin will iterate through these to make multiple API calls. The following tables are supported:

table_options:
  sentinelone_installed_applications:
    - <Parameters for GET /web/api/v2.1/installed-applications endpoint>
    # Example
    - installedAt__between: "1708815411000-1709074611000"
      size__between: "1024-104856"