Integration: Kaseya SIEM and SentinelOne

Kaseya MDR

NAVIGATION  Organizations > Edit Organization > + New Application

PERMISSIONS  Access to edit organizations and add integrations in Kaseya SIEM

SentinelOne

NAVIGATION  Navigation path goes here

PERMISSIONS  Required permissions go here

To enable the integration, complete the following steps:

1. In Kaseya SIEM, go to Organizations.

2. Select the organization you want to configure.

3. Click Edit Organization.

4. Click + New Application.

5. Select SentinelOne.

6. Enter the following:

   • API Token (from SentinelOne; see Set up the integration in SentinelOne)

   • API URL (SentinelOne domain; see Locate the SentinelOne API domain)

   

7. Click Finish.

This integration also requires setup in SentinelOne. Complete the following steps:

1. Log in to the SentinelOne Cloud console.

2. Click Settings.

   

3. Select the Users tab.

   

4. Click Service Users.

   

5. Click Actions > Create New Service User.

   

6. Enter a Name, Description, and Expiration Date, then click Next.

   

Configure the Scope of Access:

• For multiple customers: select Site and choose the customer site

• For a single environment: select Account and choose the account

7. Click Create User.

8. Copy or download the API token.

IMPORTANT  Document and store the API token value carefully, as it cannot be retrieved later.

Locate the SentinelOne API domain

In SentinelOne, locate the URL used to access your console (for example: https://usea1-.sentinelone.net).

NOTE  Make sure to exclude any additional parts of the URL after (such as /dashboard or /console).

Use the base URL when configuring the integration in Kaseya MDR.

To disable the integration, complete the following steps:

1. Go to Organizations.

2. Select the organization where SentinelOne is configured.

3. Click Edit Organization.

4. Locate the SentinelOne application.

5. Click Disconnect Application.