# SentinelOne

## Overview <a href="#overview" id="overview"></a>

The SentinelOne integration connects endpoint security data to your Sola workspace, making it easy to search and find answers to your specific use cases.

The SentinelOne integration provides a comprehensive view of your endpoint security environment, enabling you to monitor endpoint agents, analyze threat detections, and track overall security posture across your organization.

With the SentinelOne integration, you can:

* Gain visibility into endpoint agents and threat detection events.
* Monitor vulnerabilities, applications, and detection rule activity.
* Review security management policies.
* Track and analyze endpoint activity across your environment.

{% hint style="warning" %}
**Your data can only be retrieved, never modified.**

Once connected, your data is securely stored, and access is restricted to retrieving configurations and metadata only. Authentication methods ensure secure delegation of permissions while maintaining data integrity.
{% endhint %}

## Set up SentinelOne data source integration with Sola <a href="#set-up-wiz-data-source-integration-with-sola" id="set-up-wiz-data-source-integration-with-sola"></a>

To connect SentinelOne, you’ll need a SentinelOne tenant with an administrator user.

{% columns %}
{% column width="66.66666666666666%" %}
Go to ***Integrations*** > [***Data Sources***](https://app.sola.security/integrations/data-sources) > click ***New data source*** > select ***SentinelOne***.

*The Sola wizard will take you through the steps.*
{% endcolumn %}

{% column width="33.33333333333334%" %} <a href="https://app.sola.security/integrations/data-sources?integration=sentinelone" class="button primary">Set up SentinelOne -></a>
{% endcolumn %}
{% endcolumns %}

{% tabs %}
{% tab title="API Token" %}
This method uses an [API token](https://help.sumologic.com/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sentinelone-mgmt-api-source/) to securely grant Sola read-only access to your SentinelOne services and resources.
{% endtab %}
{% endtabs %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sola.security/integrations/data-sources/sentinelone.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.