This article leads you through the process of integrating SentinelOne Cloud Funnel 2.0 with Red Canary. Follow the procedure from beginning to end.
Prerequisites
- Your SentinelOne user must have admin-level access
- Your SentinelOne tenant must have Cloud Funnel 2.0 enabled
Step 1: SentinelOne–Validate that Cloud Funnel 2.0 is available and enabled in SentinelOne
Ensure that Cloud Funnel 2.0 is enabled in your SentinelOne account.
1. Log in to your SentinelOne admin account.
2. From the SentinelOne navigation menu, click Settings.
3. Click the Accounts tab, and then click the pencil icon (action) next to the account being integrated with Red Canary.
4. In the edit account page, review the Add-ons section.
   - If visible, select Cloud Funnel.
   - If Cloud Funnel is not visible, submit a support case to SentinelOne to request that they make Cloud Funnel 2.0 available in your account.
5. Click Save Changes.
Step 2: SentinelOne–Locate your SentinelOne Credentials
You will need three pieces of information in order to connect SentinelOne Cloud Funnel 2.0 to Red Canary.
1. Log in to your SentinelOne admin account.
2. From your address bar, copy the URL, and then save your SentinelOne Management API Host. You’ll use this in a later step.
   Example: https://usea1-100-abc.sentinelone.net
3. From the SentinelOne navigation menu, click Sentinels.
4. Click the ACCOUNT INFO tab. You’ll use this in a later step.
5. Copy and then save the Account ID. You’ll use this in a later step.
6. From the SentinelOne navigation menu, click Settings.
7. Click your user profile dropdown, and then click My User.
8. Click the Options dropdown.
9. Click Generate API Token.
10. Copy and then save the API Token. You’ll use this in a later step.
11. Click Close.
Step 3: Red Canary–Enter your SentinelOne credentials
Enter your SentinelOne credentials to configure telemetry streaming in Red Canary.
1. From the Red Canary navigation menu, click the Integrations dropdown.
2. Click EDR Products.
3. In the search bar, type and then select SentinelOne with Cloud Funnel 2.0.
4. To configure your new EDR product, scroll down and then click SentinelOne with Cloud Funnel 2.0.
5. Enter a Description for your EDR product.
6. Enter your SentinelOne Management Account ID from Step 2.5.
7. Enter your SentinelOne Management API Token from Step 2.10.
8. Enter your SentinelOne Management API Host from Step 2.2.
9. Select a SentinelOne Account Type.
   - For most integrations, this will be an Account Type of "Account." However, if the configured tenant is set up as a site-level tenant, select "Site."
10. Click Save.