Set up SentinelOne Singularity Endpoint for Integration

1. Log in to your SentinelOne Singularity console with an account that has administrator privileges.
2. Navigate to Settings Users to open the user management page.
3. Select the Roles view, and then click Actions New Role to create a role for Cortex XSOAR to use.

   1. Provide a Role Name to help you identify the service role.
   2. Add permissions to the role so that it can access the information needed for the integration with Device Security.

      1. Search for the Endpoints page and select View permission.
      2. Search for the Applications page and select View and View Risks permissions.
   3. Save the new role.

      This brings you back to the Users page.
4. Select the Service Users view, and then click Actions Create New Service User to create the service user for Cortex XSOAR.

   1. Provide a Name to help you identify the service user for Cortex XSOAR.
   2. Configure an Expiration Date that meets your needs for security and usability.

      Minimizing the API token expiration duration provides better security, but requires you to regenerate the API token each time you run the integration job. If you plan to run the integration job frequently or on a recurring schedule, consider extending the API token expiration duration.
   3. Click Next to go to the Select Scope of Access screen.
   4. Select the Access Level. The access level controls the scope of how much information Device Security learns from SentinelOne.
   5. Select the role you created previously as the account for the service user.
   6. Create User to generate the API token.
5. Copy API Token for the user role and save it in a secure location.

   After you close the workflow, you cannot view the API token again. If you forget the API token, you will need to generate a new one and update the integration instance in Cortex XSOAR.
6. Close the Service User and API Token creation workflow.