# SentinelOne

You can configure OneSite Patch to collect vulnerability metadata from your SentinelOne site. This allows Patch Deployment Bots to deploy patches based on Spotlight vulnerability metadata.

You will need to create a Service User with Viewer permissions to your site and generate an API token to provide read access from OneSite Patch.

{% hint style="info" %}
Always check the SentinelOne documentation for the latest information on using API tokens for service access.
{% endhint %}

## Enable SentinelOne integration with OneSite Patch

To enable SentinelOne integration, you will need to add either your *OneSite Patch for SentinelOne* or *SentinelOne add-on for OneSite Patch* license from Adaptiva.

You can add and view your license keys in the Adaptiva Admin Portal. See **License your Adaptiva products** for details.

## Create your SentinelOne API token

1. Sign in to the SentinelOne Management Console as an administrator.
2. In the Management Console, click **Settings**.
3. In the **Settings** view, click **Users**.
4. Click **Service Users**.

* Use service users to create API tokens that are not linked to a specific Console user and email address.

5. Click **Actions | Create New Service User**.
6. Create a new service user with the name of **Adaptiva Service User** and an expiration date.

> **Note**
>
> Review the expiration settings with your security administrator and take note of the expiration date

7. Click **Next**.
8. On the Select Scope of Access page, select the **Access Level** and **Permissions** for the user (ex. \[*Site Name*]: Viewer).
9. Click **Create User**.
10. In the API Token for Adaptiva Service User dialog, click **Copy API Token**. Save this token for later configuration in the Adaptiva Admin Portal

> **Caution**
>
> This is the only time you can view the token, be sure to save it!

11. Click **Close**.

## Configure SentinelOne access in the Adaptiva Admin Portal

1. Log in to the Adaptiva Admin Portal.
2. Select **OneSite Patch**.
3. In the left navigation menu, select **SentinelOne**.

   ![A screenshot of a computer AI-generated content may be incorrect.](/files/dr7Kt1PNphsLa5axnHhO)

This opens the SentinelOne Access Settings page.

![A screenshot of a computer AI-generated content may be incorrect.](/files/AeWk6hFil7fSV1ccCR7N)

4. Enter the **Host**, **API Key**, and **Vulnerability Data Reset Schedule** in the respective fields of the **SentinelOne Access Settings** page.
5. Select **Save**.

## Metadata properties

These metadata properties can be used to filter patches when creating patch strategies.

| Property                       | Description                                                                                                                                                                                            |
| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| SentinelOne.SecurityExposure   | The highest Security Exposure rating of all the CVEs referenced by the metadata object in Risk.CveIds and all of its superseded objects.                                                               |
| SentinelOne.KnownExploitExists | SentinelOne's indication of whether or not a known exploit exists for the vulnerability that this Object fixes.                                                                                        |
| SentinelOne.ExploitedInTheWild | Indicates if this vulnerability has been successfully exploited in a production environment.                                                                                                           |
| SentinelOne.Score              | The MITRE-assigned risk score for this vulnerability. On a range from 0.0 to 10.0 with one decimal point.                                                                                              |
| SentinelOne.EpssScore          | The Exploit Prediction Scoring System (EPSS) score which is a probability score between 0 and 1 (0 and 100%). The higher the score the greater the probability that a vulnerability will be exploited. |
| SentinelOne.ExploitMaturity    | The maturity of any exploit that exists for this vulnerability.                                                                                                                                        |
| SentinelOne.RemediationLevel   | The status of any available remediations for this vulnerability.                                                                                                                                       |
| SentinelOne.ReportedConfidence | The confidence SentinelOne has that this vuln is present in the client's environment.                                                                                                                  |
| SentinelOne.RiskSeverity       | The severity SentinelOne has assigned to this vulnerability. Possible values include unknown low medium high and critical.                                                                             |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.adaptiva.com/patch/integrations/integrate-sentinelone.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.