SentinelOne

Pull threats and alerts from SentinelOne. Test verifies credentials; alert ingestion is in an upcoming release.

Source connector

Source connector — pulls identity and access data from SentinelOne into ComplianceScout where it is scored against your compliance frameworks and violation rules.

What ComplianceScout collects

After a successful sync, the following data is available in your ComplianceScout dashboard for violation detection and reporting.

Threat alerts with severity, classification, and affected endpoint
SentinelOne user accounts with role and scope
Endpoint health and agent version inventory
Policy exclusions and threat mitigation actions

Required credentials

These fields are collected when you add the connector in the ComplianceScout dashboard. Secrets are encrypted at rest using AES-256-GCM and are never logged.

Field	Type	Required	Notes
API token	Secret	Required	Generated from My User → API Token in the S1 console.
Management URL	URL	Required	URL of your S1 console, e.g. https://acme.sentinelone.net

How to set up this connector

Follow these steps to gather the credentials above and connect SentinelOne to ComplianceScout.

Log in to the SentinelOne management console and click your user avatar → My User.
Scroll to the API Token section and click Generate. Copy the token — it is shown once.
Note your management URL from the browser address bar (e.g. https://acme.sentinelone.net).
In ComplianceScout, go to Data & Secrets → Integrations → Add Connector → SentinelOne, enter the management URL and API token, then click Test and Save.

Ready to connect SentinelOne?

Start a free trial — your tenant is provisioned instantly and you can wire up this integration from the connectors page.

Start a free trial Add connector →