SentinelOne

You can configure OneSite Patch to collect vulnerability metadata from your SentinelOne site. This allows Patch Deployment Bots to deploy patches based on Spotlight vulnerability metadata.

You will need to create a Service User with Viewer permissions to your site and generate an API token to provide read access from OneSite Patch.

Note

Always check the SentinelOne documentation for the latest information on using API tokens for service access.

Enable SentinelOne integration with OneSite Patch

To enable SentinelOne integration, you will need to add either your OneSite Patch for SentinelOne or SentinelOne add-on for OneSite Patch license from Adaptiva.

You can add and view your license keys in the Adaptiva Admin Portal. See License your Adaptiva products for details.

Create your SentinelOne API token

  1. Sign in to the SentinelOne Management Console as an administrator.

  2. In the Management Console, click Settings.

  3. In the Settings view, click Users.

  4. Click Service Users.

  • Use service users to create API tokens that are not linked to a specific Console user and email address.

  5. Click Actions | Create New Service User.

  6. Create a new service user with the name Adaptiva Service User and an expiration date.

Note

Review the expiration settings with your security administrator and take note of the expiration date.

  7. Click Next.

  8. On the Select Scope of Access page, select the Access Level and Permissions for the user (for example, [Site Name]: Viewer).

  9. Click Create User.

  10. In the API Token for Adaptiva Service User dialog, click Copy API Token. Save this token for later configuration in the Adaptiva Admin Portal.

Caution

This is the only time you can view the token. Be sure to save it!

  11. Click Close.

Configure SentinelOne access in the Adaptiva Admin Portal

  1. Log in to the Adaptiva Admin Portal.

  2. Select OneSite Patch.

  3. In the left navigation menu, select SentinelOne.

This opens the SentinelOne Access Settings page.

  4. Enter the Host, API Key, and Vulnerability Data Reset Schedule in the respective fields of the SentinelOne Access Settings page.

  5. Select Save.

Metadata properties

These metadata properties can be used to filter patches when creating patch strategies.

| Property | Description |
| --- | --- |
| SentinelOne.SecurityExposure | The highest Security Exposure rating of all the CVEs referenced by the metadata object in Risk.CveIds and all of its superseded objects. |
| SentinelOne.KnownExploitExists | SentinelOne's indication of whether or not a known exploit exists for the vulnerability that this object fixes. |
| SentinelOne.ExploitedInTheWild | Indicates if this vulnerability has been successfully exploited in a production environment. |
| SentinelOne.Score | The MITRE-assigned risk score for this vulnerability, on a range from 0.0 to 10.0 with one decimal place. |
| SentinelOne.EpssScore | The Exploit Prediction Scoring System (EPSS) score, a probability between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited. |
| SentinelOne.ExploitMaturity | The maturity of any exploit that exists for this vulnerability. |
| SentinelOne.RemediationLevel | The status of any available remediations for this vulnerability. |
| SentinelOne.ReportedConfidence | The confidence SentinelOne has that this vulnerability is present in the client's environment. |
| SentinelOne.RiskSeverity | The severity SentinelOne has assigned to this vulnerability. Possible values include unknown, low, medium, high, and critical. |
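
The following added example (not Adaptiva or SentinelOne code) sketches how the properties above could be combined into a patch-priority filter, and how values outside the documented ranges can be caught before they skew a strategy. The dictionary layout, the `name` field, the boolean and numeric value types, and the cut-offs are assumptions; only the property names and ranges come from this page.

```python
# Added illustration; not Adaptiva or SentinelOne code. The dict layout, value
# types and cut-offs are assumptions; property names and ranges are the page's.
SEVERITY_RANK = {"unknown": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

def _ranged(record, key, low, high):
    """Return record[key] as a float, or None if missing or outside [low, high]."""
    try:
        value = float(record.get(key))
    except (TypeError, ValueError):
        return None
    return value if low <= value <= high else None

def urgency(record, epss_cutoff=0.5, score_cutoff=9.0):
    """Classify one metadata record as 'urgent', 'scheduled' or 'review'."""
    score = _ranged(record, "SentinelOne.Score", 0.0, 10.0)
    epss = _ranged(record, "SentinelOne.EpssScore", 0.0, 1.0)
    severity = str(record.get("SentinelOne.RiskSeverity", "unknown")).lower()
    if score is None or epss is None or severity not in SEVERITY_RANK:
        return "review"  # malformed data is surfaced, never silently deprioritized
    if record.get("SentinelOne.ExploitedInTheWild") is True:
        return "urgent"
    if record.get("SentinelOne.KnownExploitExists") is True and epss >= epss_cutoff:
        return "urgent"
    if score >= score_cutoff and SEVERITY_RANK[severity] >= SEVERITY_RANK["high"]:
        return "urgent"
    return "scheduled"

def triage(records):
    """Map each record's (hypothetical) 'name' field to its urgency class."""
    return {r["name"]: urgency(r) for r in records}

def _rec(name, score, epss, severity, exploit=False, wild=False):
    """Build one constructed sample record."""
    return {"name": name, "SentinelOne.Score": score,
            "SentinelOne.EpssScore": epss, "SentinelOne.RiskSeverity": severity,
            "SentinelOne.KnownExploitExists": exploit,
            "SentinelOne.ExploitedInTheWild": wild}

# Constructed sample data, not real SentinelOne output.
SAMPLE = [
    _rec("patch-A", 7.5, 0.02, "high", exploit=True, wild=True),
    _rec("patch-B", 9.8, 0.10, "critical"),
    _rec("patch-C", 5.3, 0.71, "medium", exploit=True),
    _rec("patch-D", 6.1, 0.03, "medium"),
    _rec("patch-E", 8.8, 71, "high", exploit=True),  # EPSS given as a percentage
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE).items():
        print(f"{name}: {verdict}")
```

The last sample record carries an EPSS value written as a percentage rather than a probability, so it is routed to review instead of being compared against the cut-off.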
