SentinelOne offers solutions that deliver real-time endpoint protection, detection and response, and that monitor IoT frameworks for vulnerabilities. These solutions also leverage the cloud for scalability.
Hunters collects data from SentinelOne and ingests it into our database. The data is then populated in the Hunters portal and correlated with other related threats detected from SentinelOne and from other sources.
Note: Hunters currently supports collection from version 2.1 of the SentinelOne API.
Supported data types
Threats: All the Threats from SentinelOne's EDR solution.
Agents: All the Agents from SentinelOne's EDR solution.
Sending data to Hunters
SentinelOne APIs use a specific URL for every organization and an API key for authentication and access control. To grant Hunters permission to access the Threat data in your SentinelOne deployment, you will need to supply Hunters with the relevant API URL and API key.
From there, Hunters will ingest all the supported data from the SentinelOne API.