Connecting SentinelOne to SaaS Alerts

Prerequisites

Creating a SentinelOne API connection to SaaS Alerts requires the creation of a service account with viewer permissions within the SentinelOne dashboard. We suggest extending the user expiration date to a custom value of three years to prevent having to create a new service account and API token.

The connection also requires your SentinelOne URL (the address you will log into to create the needed service account).

Creating the SentinelOne API connection in SaaS Alerts

Create a new organization or use an existing one, and click New Application.
Select SentinelOne.
Enter your full SentinelOne instance URL, and then the entire API key you generated with the service account created.
Click Finish.

After clicking Finish, it may take up to 30 seconds or more for the process to finish.

PSA support

As of May 2024, PSA ticket generation is supported by the App Wizard connections for all products.

Monitored events

IAM Event - Authentication Success
IAM Event - Authentication Failure
IAM Event - MFA Authentication Failure
IAM Event - User Logged Out
IAM Event - New User Added
IAM Event - Password Reset
IAM Event - User Deleted
IAM Event - Password Reset Initiated
IAM Event - Account Locked
IAM Event - Multi-Factor Authentication Enabled
IAM Event - User Updated

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!