Skip to main content
Red Canary help

Integrate SentinelOne Cloud Funnel 2.0 with Red Canary

  • Updated .

This article leads you through the process of integrating SentinelOne Cloud Funnel 2.0 with Red Canary. Follow the procedure from beginning to end.

Prerequisites

  • Your SentinelOne user must have admin level access
  • Your SentinelOne tenant must have Cloud Funnel 2.0 enabled

Step 1: SentinelOne–Validate that Cloud Funnel 2.0 is available and enabled in SentinelOne

Ensure that Cloud Funnel 2.0 is enabled in your SentinelOne account.

  1. Login to your SentinelOne admin account. 
  2. From the SentinelOne navigation menu, click Settings.
  3. Click the Accounts tab, and then click the pencil icon (action) next to the account being integrated with Red Canary.
    7.png
  4. In the edit account page, review the Add-ons section.
    1. If visible, select Cloud Funnel.
    2. If Cloud Funnel is not visible, submit a support case to SentinelOne to request that they make Cloud Funnel 2.0 available in your account.8.png
  5. Click Save Changes.

Step 2: SentinelOne–Locate your SentinelOne Credentials

You will need three pieces of information in order to connect SentinelOne Cloud Funnel 2.0 to Red Canary.

  1. Login to your SentinelOne admin account.
  2. From your address bar, copy the URL, and then save your SentinelOne Management API Host. You’ll use this in a later step.
    Example: https://usea1-100-abc.sentinelone.net
  3. From the SentinelOne navigation menu, click Sentinels.
    1.png
  4. Click the ACCOUNT INFO tab. You’ll use this in a later step.
  5. Copy and then save the Account ID. You’ll use this in a later step.
    2.png
  6. From the SentinelOne navigation menu, click Settings.
    3.png
  7. Click your user profile dropdown, and then click My User.
  8. Click the Options dropdown.
  9. Click Generate API Token.
    5.png
  10. Copy and then save the API Token. You’ll use this in a later step.
  11. Click Close.

Step 3: Red Canary–Enter your SentinelOne credentials

Enter your SentinelOne credentials to configure telemetry streaming in Red Canary.

  1. From the Red Canary navigation menu, click the Integrations dropdown.
  2. Click EDR Products.
  3. In the search bar, type and then select SentinelOne with Cloud Funnel 2.0.
    6.png
  4. To configure your new EDR product, scroll down and then click SentinelOne with Cloud Funnel 2.0.
  5. Enter a Description for your EDR product.  
  6. Enter your SentinelOne Management Account ID from Step 2.5.
  7. Enter your SentinelOne Management API Token from Step 2.10.
  8. Enter your SentinelOne Management API Host from Step 2.2.
  9. Select a SentinelOne Account Type
    • This will most likely be an Account Type of "Account" for most integrations. However, if the configured tenant is set up as a site level tenant, select "Site." 
  10. Click Save.

Comments

0 comments

Please sign in to leave a comment.