---
title: "SentinelOne"
slug: "sentinelone"
updated: 2025-06-24T16:56:37Z
published: 2025-06-24T16:56:37Z
canonical: "help.nucleussec.com/sentinelone"
---

> ## Documentation Index
> Fetch the complete documentation index at: https://help.nucleussec.com/llms.txt
> Use this file to discover all available pages before exploring further.

# SentinelOne

## Overview

Nucleus enables you to ingest assets and vulnerabilities from SentinelOne Singularity XDR directly into your Nucleus console using an automated connector. The connector uses the APIs provided by SentinelOne to seamlessly sync data into your Nucleus project for use in analysis, triage, automation, and reporting.

The SentinelOne connector supports importing assets and vulnerabilities. It comes in two modes: scan mode and asset sync mode. When asset sync mode is toggled, vulnerabilities will not be ingested and only assets will be synced.

## Connector Setup

### Connector Setup Checklist

Follow the steps in this checklist to successfully set up this connector:

1. **API Access** Create an API Token in SentinelOne.
2. **Connector Configuration** Create and configure the connector in your Nucleus project.
3. **Data Ingestion** Create an ingest rule to ingest assets and vulnerabilities from SentinelOne.

### 1. API Access

Account Access

We recommend creating a **service user account** instead of a regular user account to ensure maximum security and uninterrupted integration.

1. Login to SentinelOne, then click **Settings**.
2. Select the **Users** tab.
3. Select **Service Users**, click **Actions**, and then **Create New Service User**.
4. Enter a **Name** for the connector, set the **Expiration Date** to two years and click **Next**.
5. Select an appropriate scope, then click **Create User**.
6. Make a copy of the **API Token** for use when configuring the connector.

### 2. Connector Configuration

1. Open Nucleus and go to **Integration Hub > Connector Setup.**
2. Under the **Scanners** section, click the**SentinelOne**icon. You will see the following popup:

![](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/image-1731660050192.png)
3. In the **Setup SentinelOne Connector**popup, enter the following information:

| Field | Description |
| --- | --- |
| Name | Enter an optional name for your connector. |
| Description | Enter an optional description for your connector. |
| Insatnce URL | Enter the URL to your instance of SentinelOne. |
| API Token | Enter the API Key you created in API Access. |

<editor360-custom-block data-preprocessing="true" data-sanitizationtags="STRONG"><ol start="4"><li>Click <strong>Verify Credentials</strong><strong>.</strong></li><li>Click <strong>Save</strong>.</li></ol></editor360-custom-block>

### 3. Data Ingestion

<editor360-custom-block data-preprocessing="true" data-sanitizationtags="STRONG"><ol><li>Go to <strong>Data Ingest</strong><strong>&nbsp;&gt; Import via Connector</strong>.</li><li>Select the SentinelOne connector you just created.</li><li>Select importing by <strong>All Endpoints</strong>.</li><li>Select a schedule to import data into the project.</li><li>Click <strong>Save &amp; Finish</strong>.</li></ol></editor360-custom-block>

## Connector Behaviour

### Asset Sync Mode

The SentinelOne connector has two modes:

1. Scan Mode, where both the assets and their vulnerabilities are ingested
2. Asset Sync Mode, where only assets are synced and no vulnerabilities are ingested.

These modes are available at the organization level only and must be configured by Nucleus. The modes cannot operate at the same time, so you will want to use the asset sync mode when you are not scanning for vulnerabilities with SentinelOne, and use the regular Scan mode for when you are scanning.