SentinelOne Plugin

Hello,

Can the SentinelOne plugin for InsightConnect connect with SentinelOne management console via an API token? It appears the only way is through username/password credentials according to here: Rapid7 Extensions

This is in light of SentinelOne issuing mandatory 2FA which may be challenging to manage whenever a workflow is run that requires authentication to SentinelOne to perform actions.

We are working on an updated connection method for the plugin and will release an update.

Thank you Michael. Is there an estimated timeline of when that might be by?

There is not one at this time, I know it is something they are actively looking at. I can provide an update when I have more of a definitive timeframe.

Update:

SentinelOne Version 8.0 has been released today.

Authentication methods currently supported by the SentinelOne plugin:

  • Service User Role Plugin (Supported on Plugin Version 8.0 & later) - This is the latest authentication role created within the SentinelOne platform. This role does not allow direct SentinelOne console login. To create this connection within InsightConnect you need an API key, and the SentinelOne Platform URL.

  • API Authentication (Supported on Plugin Version 7.0 & later) - This replaced basic auth as the authentication method earlier this year. In order to utilize this method you will need an email address, API key, and SentinelOne Platform URL.

1 Like