To enable the AlienApp for SentinelOne
To configure AlienApp for SentinelOne in USM Anywhere, you need to generate an API key in your SentinelOne instance and enter it into USM Anywhere.
To set up your SentinelOne API
- Log in to your SentinelOne management console.
- Go to Settings > Users.
Click on the Admin user account (or user account with IR Team Privileges) you want to use with USM Anywhere.
Next to API Token, click Generate to create your API token.
Click Download to save the API token.
Save the API somewhere where you can access it again easily when you configure the API in USM Anywhere.
- In USM Anywhere, go to Data Sources > AlienApps.
- Click the Available Apps tab.
- Search for the AlienApp, and then click the tile.
- Click Configure API.
If you have more than one deployed USM Anywhere Sensor, select the sensor that you want to use for the enabled AlienApp.
AlienApps operate through a deployed sensor and use APIs to integrate with the connected third-party technology. Select the sensor that can access the integration endpoint. The HTTPS connections to the API will originate from this sensor, so it is important to make sure the sensor has network access to the AlienApp API endpoints.
Enter the Management URL of your SentinelOne instance, your SentinelOne Username, and the API Token you created.
Check Allow Creation of New Assets to allow SentinelOne scans to create new assets in USM Anywhere.
Check Allow Merging of Existing Assets to allow USM Anywhere to run a match against the SentinelOne identification to merge the assets found with existing USM Anywhere assets.
See AlienApp for SentinelOne Asset Discovery and Management for more details on the asset creation and merging processes.
- Click Save.