Summary
In order for the Check Point MDR team to monitor your logs from your SentinelOne environment, we will require an API URL and Token.
If you need any assistance with this procedure, please open a ticket in the MDR Customer portal under "MDR Support" or, if you are currently onboarding, reply to your welcome email, and we will schedule a time to assist.
Note: Complete the procedure outlined below before adding the integration. When adding it, we will need these two items filled in on the MDR customer portal profile page:
• API URL
• API Token
Procedure
To Create the API Token:
- In the SentinelOne management console, go to Settings, and then click Users.
- Click the Admin user for which you want to generate the API token.
- Click Generate next to API Token.
The API URL is your base URL. It should be something like https://organization.sentinelone.net/
Remediation
Proceed to the Infinity Portal and head to the MDR Profile tab. Under Remediation Excluded Hosts, you will need to enter an IP address. If you do not have a host to exclude, please use a default address, such as 1.1.1.1. (There must be at least one entry before the system allows you to configure Remediation.)
- In the integration, you will see an option at the bottom called "Remediation". Click the blue Configure button to begin the setup process.
- Next, select your desired Isolation/Remediation option: Do not perform remediations, Requires approval, or Always approve. Click Save at the bottom to complete this process.
Note: Please contact MDR Support by creating a ticket in your MDR Portal if you would like to schedule a test to verify your Remediation (Host Isolation).