
SentinelOne

Sync from SentinelOne to any destination

Publisher: cloudquery
Latest version: v1.4.0
Type: Source

Price per 1M rows: starting from $15
Monthly free quota: 1M rows

Set up process

1. Download CLI and login

   brew install cloudquery/tap/cloudquery

   See installation options

2. Create source and destination configs

   See Plugin configuration

3. Run the sync

   cloudquery sync sentinelone.yml postgresql.yml

   See CloudQuery sync

Overview

The CloudQuery SentinelOne plugin pulls data out of SentinelOne and loads it into any supported CloudQuery destination (e.g. PostgreSQL, BigQuery, Snowflake, and more).

Authentication

To fetch information from SentinelOne, CloudQuery must be authenticated. An API Token is required for authentication.

SentinelOne Source Plugin Configuration Reference

Example

This example syncs from SentinelOne to a Postgres destination. The (top level) source spec section is described in the Source Spec Reference.

kind: source
# Common source-plugin configuration
spec:
  name: sentinelone
  path: cloudquery/sentinelone
  registry: cloudquery
  version: "v1.4.0"
  tables:
    - "sentinelone_accounts"
    - "sentinelone_agent_packages"
    - "sentinelone_agents"
    - "sentinelone_export_agents"
    - "sentinelone_installed_applications"
    - "sentinelone_sites"
    - "sentinelone_threats"
    - "sentinelone_threat_notes"
  destinations: ["postgresql"]

  spec:
    # required
    api_token: "${SENTINELONE_API_TOKEN}"
    # required
    management_url: "https://domain.sentinelone.net"
    # optional: A list of account IDs to filter by. Omit this field to fetch for all account IDs.
    # account_ids: [<YOUR_ACCOUNT_ID_1>]
    # optional: A list of site IDs to filter by. Omit this field to fetch for all site IDs.
    # site_ids: [<YOUR_SITE_ID_1>]
    # optional: A list of group IDs to filter by. Omit this field to fetch for all group IDs.
    # group_ids: [<YOUR_GROUP_ID_1>]

SentinelOne Spec

This is the (nested) spec used by the SentinelOne source plugin.
  • api_token (string) (required)
    An API Token to access SentinelOne resources.
  • management_url (string) (required)
    Your SentinelOne Management Console URL. With or without a trailing slash.
  • account_ids ([]string) (default: null)
    A list of account IDs to filter the sync results by. Omit this field to fetch for all account IDs.
  • site_ids ([]string) (default: null)
    A list of site IDs to filter the sync results by. Omit this field to fetch for all site IDs.
  • group_ids ([]string) (default: null)
    A list of group IDs to filter the sync results by. Omit this field to fetch for all group IDs.
  • concurrency (integer) (optional) (default: 10)
    The best-effort maximum number of goroutines to use. Lower this number to reduce memory usage.
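
A preflight check for the spec fields above, as an added example (not CloudQuery's own code): it fails when api_token is a literal value instead of an environment reference such as ${SENTINELONE_API_TOKEN}, when the referenced variable is unset, or when management_url is not https://. The function names, the https-only rule and the line-based parsing (one key per line, as in the example config) are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight lint for a SentinelOne source config before `cloudquery sync`.

# Print the first uncommented value of "key:" in file $2, without quotes or trailing comment.
spec_value() {
  sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | head -n 1 |
    sed -e 's/[[:space:]][[:space:]]*#.*$//' -e 's/[[:space:]]*$//' | tr -d "\"'"
}

check_s1_config() {
  cfg=$1; rc=0
  token=$(spec_value api_token "$cfg")
  url=$(spec_value management_url "$cfg")

  case $token in
    '') echo "FAIL: api_token is required but missing" >&2; rc=1 ;;
    '${'*'}')
      # Environment reference: make sure the variable is set, without printing it.
      var=$(printf '%s' "$token" | sed 's/^\${\(.*\)}$/\1/')
      case $var in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
          echo "WARN: cannot verify reference $token" >&2 ;;
        *)
          eval "val=\${$var:-}"
          [ -n "$val" ] || { echo "FAIL: $var is not set" >&2; rc=1; } ;;
      esac ;;
    *) echo "FAIL: api_token is a literal secret in $cfg" >&2; rc=1 ;;
  esac

  case $url in
    '') echo "FAIL: management_url is required but missing" >&2; rc=1 ;;
    https://*) ;;
    *) echo "FAIL: management_url is not https://" >&2; rc=1 ;;
  esac

  # Omitting all three filters syncs every account, site and group the token can read.
  grep -Eq '^[[:space:]]*(account_ids|site_ids|group_ids):' "$cfg" ||
    echo "NOTE: no account_ids/site_ids/group_ids filter; sync covers all scopes" >&2
  return $rc
}

# Usage: sh check_s1_config.sh sentinelone.yml
if [ "$#" -gt 0 ]; then check_s1_config "$1"; fi
```

Run it against sentinelone.yml in CI or a pre-commit hook so a pasted token is caught before the file reaches version control.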

