The current version of SentinelOne has implemented Service Users for the purpose of bypassing the 2FA and email requirement on an account.
Unfortunately, per my discussion with SentinelOne support, the Service Users do not “log in” to the console the way that a user account API token does.
Using Postman, I can perform the calls using the Service User, but the Iconn script fails when I attempt to use the Service User.
My user API token worked, however. It should be relatively obvious why that isn’t an ideal solution.
Here is the error from the Connections panel when using the Service User’s API token:
Connect: Connecting…
Trying to authenticate with API version 2.1
API v2.1 failed… trying v2.0
‘NoneType’ object has no attribute ‘get’
Traceback (most recent call last):
File “/usr/local/lib/python3.8/site-packages/insightconnect_plugin_runtime-4.7.4-py3.8.egg/insightconnect_plugin_runtime/plugin.py”, line 376, in handle_step
output = self.start_step(
File “/usr/local/lib/python3.8/site-packages/insightconnect_plugin_runtime-4.7.4-py3.8.egg/insightconnect_plugin_runtime/plugin.py”, line 461, in start_step
connection = self.connection_cache.get(message_body[“connection”], logger)
File “/usr/local/lib/python3.8/site-packages/insightconnect_plugin_runtime-4.7.4-py3.8.egg/insightconnect_plugin_runtime/connection.py”, line 49, in get
conn.connect(parameters)
File “/usr/local/lib/python3.8/site-packages/sentinelone_rapid7_plugin-7.1.0-py3.8.egg/komand_sentinelone/connection/connection.py”, line 61, in connect
self.token, self.api_version = self.get_auth_token()
File “/usr/local/lib/python3.8/site-packages/sentinelone_rapid7_plugin-7.1.0-py3.8.egg/komand_sentinelone/connection/connection.py”, line 87, in get_auth_token
token = response.json().get(DATA_FIELD).get(“token”)
AttributeError: ‘NoneType’ object has no attribute ‘get’