AiStrike Documentation

SentinelOne

SentinelOne integrates with AiStrike for both cloud workload and endpoint (EDR/XDR) telemetry, using a Service User API token. The setup is identical whether used as an endpoint or cloud source.◼︎

Prerequisites

SentinelOne administrator access, with the ability to create Service Users.

Setup

  1. In your SentinelOne dashboard, go to Settings > Users > Roles, duplicate the Viewer role, and rename it ServiceRoleAiStrike. Add all Read permissions across services plus the required response capabilities (scan, file fetch, fetch logs, Deep Visibility search).

  2. Go to Service Users > Actions > Create New Service User. Name it AiStrike_Service_Account, set an expiration, and set Access Level to Account with role ServiceRoleAiStrike.

  3. Click Create User and securely store the generated API token.

Connector configuration

Field

Description

SentinelOne API Base URL

Your SentinelOne API base URL

API Token

Token with Read + Response permissions

For the XDR integration, AiStrike needs an API key with Read + Response and a read-only UI account. If you also use SentinelOne AI SIEM, provide an additional read-only API key from Policies and Settings > Product and Service > AI SIEM > API Keys. See the SentinelOne (EDR) page under Endpoint for the full step-by-step guide.