{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-sidebars.yaml"},"props":{"metadata":{"markdoc":{"tagList":[]},"type":"markdown"},"seo":{"title":"SentinelOne Integration","description":"Control the power of AI Agents in runtime.","llmstxt":{"hide":false,"sections":[{"title":"Table of contents","includeFiles":["**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"sentinelone-integration","__idx":0},"children":["SentinelOne Integration"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Connect your SentinelOne (Singularity) console to Capsule Security to inventory your managed endpoints and discover the AI coding agents running on them."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"overview","__idx":1},"children":["Overview"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["This integration uses the SentinelOne Singularity Management API to sync:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Devices"]}," — Endpoint inventory from the Agents API (hostnames, OS and version, agent version, IP addresses, last-logged-in user, account / site / group, last-active time)"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["AI coding agents"]}," — Claude Code, Cursor, GitHub Copilot, Codex, Gemini CLI, Windsurf, and similar developer agents detected from process-launch telemetry via ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Deep Visibility"]}]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Device inventory comes from the synchronous Agents list; shadow-AI detection comes from a Deep Visibility process query run over a rolling 7-day window. Capsule connects with a read-only API token and never installs software on endpoints or writes to your SentinelOne tenant."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"prerequisites","__idx":2},"children":["Prerequisites"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Before you begin, ensure you have:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["An active ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["SentinelOne Singularity"]}," deployment with endpoints reporting to the console"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Access to create a ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Service User"]}," and generate an ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["API token"]}," in the SentinelOne console (a console administrator role)"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Your tenant-specific ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Console URL"]}," (e.g. ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["https://your-instance.sentinelone.net"]},")"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["A ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Capsule Security"]}," account with admin access"]}]},{"$$mdtype":"Tag","name":"blockquote","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Recommended — Service-User token with Viewer scope at Account or Global level."]}," Capsule needs read access across the endpoints you want inventoried. A token scoped to a single Site only sees that Site's data; for full coverage, issue the token from a Service User scoped at the Account or Global level. Viewer is sufficient — no write scope is required."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Recommended — Deep Visibility licensed."]}," Runtime detection of AI coding agents relies on ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Deep Visibility"]}," (the historical event store). If your tenant does not license Deep Visibility, the integration still installs and provides full device inventory — see ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"#feature-availability"},"children":["Feature availability"]}," below."]}]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"step-1-create-an-api-token-in-the-sentinelone-console","__idx":3},"children":["Step 1: Create an API Token in the SentinelOne Console"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Capsule authenticates to SentinelOne with a long-lived API token. SentinelOne does not use OAuth — you generate the token once in the console and Capsule stores it encrypted. There is no automatic refresh, so token rotation is operator-managed."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"steps","__idx":4},"children":["Steps"]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Sign in to your ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["SentinelOne console"]}," at your tenant URL (e.g. ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["https://your-instance.sentinelone.net"]},")."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Navigate to ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Settings → Users → Service Users"]},"."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Click ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Create New Service User"]}," (or open an existing one)."]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Name"]},": Enter a descriptive name (e.g. ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Capsule Security Integration"]},")"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Scope"]},": Select ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Account"]}," or ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Global"]}," so the token sees all the endpoints you want inventoried. A ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Site"]},"-only scope limits the integration to that Site."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Role / API permission"]},": Grant at least ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Viewer"]}," — this is read-only."]}]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Generate the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["API token"]}," and ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["copy it immediately"]},". SentinelOne shows the token only once; if you lose it you must regenerate."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Note your ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Console URL"]}," — the base address of your console (e.g. ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["https://your-instance.sentinelone.net"]},"). This is the value you'll enter in Step 2. Capsule strips any path automatically; only the host matters."]}]}]},{"$$mdtype":"Tag","name":"blockquote","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Reference:"]}," SentinelOne's ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"https://usea1-support.sentinelone.net/hc/en-us/articles/360004195934-Generating-API-Tokens"},"children":["Generating API Tokens"]}," article documents the token-creation flow for your console version."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"why-a-service-user-token-not-a-personal-token","__idx":5},"children":["Why a Service-User token (not a personal token)"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["A personal API token is tied to an individual console user — it inherits that user's scope and is revoked if the user is disabled or removed. A ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Service User"]}," token is purpose-built for integrations: it has an independent lifecycle, an explicit scope, and won't break when staff change. Always prefer a Service-User token for Capsule."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"security-notes","__idx":6},"children":["Security notes"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Store the API token in a secrets manager. SentinelOne displays it only once at creation."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["The token is a bearer credential — anyone holding it can read your console data within its scope. Treat it as a secret."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["If the token is ever exposed, ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["revoke it"]}," in ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Settings → Users → Service Users"]}," and generate a new one."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Capsule stores the token encrypted at rest and uses it only to call the SentinelOne Management API over HTTPS."]}]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"step-2-configure-the-integration-in-capsule","__idx":7},"children":["Step 2: Configure the Integration in Capsule"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Once you have the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Console URL"]}," and ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["API token"]},", you can install the integration."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"steps-1","__idx":8},"children":["Steps"]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Log in to the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Capsule Security"]}," portal."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Click ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Integrations"]}," in the left sidebar."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Find the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["SentinelOne"]}," card and click ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Set up Integration"]},"."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The setup form asks for two values:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Console URL"]}," — your tenant console address (e.g. ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["https://your-instance.sentinelone.net"]},"). Must be a valid ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["https"]}," URL."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["API Token"]}," — paste the token from Step 1."]}]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Capsule validates the credentials by making a read-only call against your console. A green ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Connection successful"]}," message confirms the token is accepted."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Click ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Save"]},"."]}]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"after-setup","__idx":9},"children":["After setup"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Initial sync begins automatically."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["The first sync typically completes in a few minutes, depending on endpoint count and the size of the 7-day Deep Visibility window Capsule queries."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["View synced endpoints in ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Inventory → Devices"]},"."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["View detected AI coding agents in ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Discovery → Agents"]},", mapped back to the device and last-logged-in user they ran on."]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Discovery runs on a recurring schedule to pick up new endpoints, decommissioned endpoints, and newly observed AI agents."]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"feature-availability","__idx":10},"children":["Feature Availability"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The integration runs with whatever your API token's scope and your tenant's licensing allow. Use this matrix to understand what you'll see in Capsule."]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Capsule feature"},"children":["Capsule feature"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Requires"},"children":["Requires"]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Device inventory"]}," (hostnames, OS, agent version, IPs, last-logged-in user)"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["API token with ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Viewer"]}," scope"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["AI coding-agent detection"]}," (Claude Code, Cursor, Copilot, Codex, and others)"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Deep Visibility"]}," licensed + token can run DV"]}]}]}]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"without-deep-visibility","__idx":11},"children":["Without Deep Visibility"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["If your tenant does not license Deep Visibility — or the Deep Visibility query times out or is unavailable during a sync — Capsule ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["downgrades gracefully"]},": device inventory still syncs in full, and the run completes without error. The ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Discovery → Agents"]}," view simply won't reflect SentinelOne-sourced runtime activity until Deep Visibility is available."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["To enable AI-agent discovery, work with your SentinelOne account team to license Deep Visibility, then confirm the integration token can run DV queries — no other reconfiguration is needed."]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"troubleshooting","__idx":12},"children":["Troubleshooting"]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"invalid-sentinelone-api-token--connection-test-fails-with-401","__idx":13},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Invalid SentinelOne API token"]}," / connection test fails with 401"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["The API token is wrong, expired, or has been revoked. Generate a fresh token in ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Settings → Users → Service Users"]}," and re-enter it."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Confirm the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Console URL"]}," points at the same tenant the token was issued from — tokens are not portable across consoles."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"sentinelone-api-token-lacks-the-required-scope-403","__idx":14},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["SentinelOne API token lacks the required scope"]}," (403)"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["The token's Service User is scoped too narrowly. Re-issue the token at ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Account"]}," or ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Global"]}," scope with at least ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Viewer"]}," so it can read the endpoints you expect."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"console-url-rejected","__idx":15},"children":["Console URL rejected"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["The ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Console URL"]}," must be a valid ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["https"]}," URL (e.g. ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["https://your-instance.sentinelone.net"]},"). ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["http"]},", bare hostnames, and non-URL values are rejected. Capsule strips any path or query string — enter just the console host."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"devices-appear-but-no-ai-agents-are-discovered","__idx":16},"children":["Devices appear but no AI agents are discovered"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["This is expected when ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Deep Visibility"]}," is not licensed or the DV query couldn't complete — device inventory still syncs. See ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"#feature-availability"},"children":["Feature availability"]},"."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["If Deep Visibility is licensed, confirm AI coding agents have actually launched on managed endpoints within the last 7 days, and that the token's Service User can run Deep Visibility queries."]}]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"support","__idx":17},"children":["Support"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["For help with this integration:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Email"]},": support@capsule.security"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Include"]},": Your tenant ID, integration status, console URL, and any error messages from the Capsule portal"]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["For SentinelOne API token or scope issues:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["SentinelOne console"]},": ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Settings → Users → Service Users"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Reference"]},": ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"https://usea1-support.sentinelone.net/hc/en-us/articles/360004195934-Generating-API-Tokens"},"children":["Generating API Tokens"]}]}]}]},"headings":[{"value":"SentinelOne Integration","id":"sentinelone-integration","depth":1},{"value":"Overview","id":"overview","depth":2},{"value":"Prerequisites","id":"prerequisites","depth":2},{"value":"Step 1: Create an API Token in the SentinelOne Console","id":"step-1-create-an-api-token-in-the-sentinelone-console","depth":2},{"value":"Steps","id":"steps","depth":3},{"value":"Why a Service-User token (not a personal token)","id":"why-a-service-user-token-not-a-personal-token","depth":3},{"value":"Security notes","id":"security-notes","depth":3},{"value":"Step 2: Configure the Integration in Capsule","id":"step-2-configure-the-integration-in-capsule","depth":2},{"value":"Steps","id":"steps-1","depth":3},{"value":"After setup","id":"after-setup","depth":3},{"value":"Feature Availability","id":"feature-availability","depth":2},{"value":"Without Deep Visibility","id":"without-deep-visibility","depth":3},{"value":"Troubleshooting","id":"troubleshooting","depth":2},{"value":"Invalid SentinelOne API token / connection test fails with 401","id":"invalid-sentinelone-api-token--connection-test-fails-with-401","depth":3},{"value":"SentinelOne API token lacks the required scope (403)","id":"sentinelone-api-token-lacks-the-required-scope-403","depth":3},{"value":"Console URL rejected","id":"console-url-rejected","depth":3},{"value":"Devices appear but no AI agents are discovered","id":"devices-appear-but-no-ai-agents-are-discovered","depth":3},{"value":"Support","id":"support","depth":2}],"frontmatter":{"seo":{"title":"SentinelOne Integration"}},"lastModified":"2026-06-09T14:07:54.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/guides/sentinelone","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}