diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt index 2ab2e63a6..f73e0afe6 100644 --- a/.github/actions/spelling/expect.txt +++ b/.github/actions/spelling/expect.txt @@ -316,6 +316,7 @@ SECRETVALUE securetty securityimages SEfirewall +sentinelone serviceprincipals signin singlequeryargument diff --git a/docs/platform/infra/imports/overview.md b/docs/platform/infra/imports/overview.md index 36d13dbc3..0b8fce743 100644 --- a/docs/platform/infra/imports/overview.md +++ b/docs/platform/infra/imports/overview.md @@ -14,6 +14,8 @@ Import security data from: - [Microsoft Defender for Cloud](/platform/infra/imports/defender/) +- [SentinelOne](/platform/infra/imports/sentinelone/) + - Check back for more integrations soon! ## Get help diff --git a/docs/platform/infra/imports/sentinelone.mdx b/docs/platform/infra/imports/sentinelone.mdx new file mode 100644 index 000000000..1a9d41494 --- /dev/null +++ b/docs/platform/infra/imports/sentinelone.mdx 
@@ -0,0 +1,102 @@ +--- +title: Import Data from SentinelOne +sidebar_label: SentinelOne +sidebar_position: 40 +description: Import data from SentinelOne to combine SentinelOne vulnerabilities with your Mondoo findings. +image: /img/featured_img/mondoo-feature.jpg +--- +import menu from "/img/platform/infra/imports/sentinelone/nav.png"; + +Mondoo can import data from SentinelOne and incorporate that data with its own findings. With a unified view of SentinelOne's vulnerabilities and Mondoo scan results, you can take advantage of Mondoo's powerful security visualization, prioritization, and ticket system integration. + +## Prerequisites + +Before you integrate SentinelOne with Mondoo, be sure you have: + +- A Mondoo account with Editor or Owner permissions for the space in which you want to add the integration + +- A [SentinelOne Singularity](https://www.sentinelone.com/platform/) account with administrator privileges + +## Integrate Mondoo with SentinelOne + +To create a new SentinelOne integration in Mondoo, perform these steps: + +Step A: Create a SentinelOne service user to give Mondoo access to SentinelOne data + +Step B: Add a new SentinelOne integration in the Mondoo Console + +### Step A: Create a SentinelOne service user + +Like any service that integrates with SentinelOne, Mondoo must have a service user that gives it access to SentinelOne data. The service user is a non-human user account with a token that gives Mondoo access through the SentinelOne API. To learn about service users, read "Overview of service users" in the SentinelOne documentation. + +1. Log into the SentinelOne management console as a user with administrative privileges. + + {" "} + + + +2. In the side navigation bar, select **Settings**. Select the **USERS** tab and then select **Service Users**. + + ![SentinelOne service users](/img/platform/infra/imports/sentinelone/service-users.png) + +3. Select the **Actions** button and select **Create New Service User**. 
+ + ![New SentinelOne service user](/img/platform/infra/imports/sentinelone/new1.png) + +4. Give the new service user a name and description that make clear it's for Mondoo and then select the **Next** button. + + ![New SentinelOne service user scopes](/img/platform/infra/imports/sentinelone/new2.png) + +5. Choose the **account(s)** (not sites) you want Mondoo to access and leave the **Viewer** role selected. + +6. Select the **Create User** button. + + ![New SentinelOne service user API token](/img/platform/infra/imports/sentinelone/token.png) + + SentinelOne shows the API token it generated for the Mondoo service user. Leave the page open; you need the token in the next steps. + +### Step B: Add a new SentinelOne integration in the Mondoo Console + +Once you have a SentinelOne API token, you can create a Mondoo SentinelOne integration. You need information from the service user you created in the instructions above. + +1. Access the Integrations > Add > SentinelOne page in one of two ways: + + - New space setup: After creating a new Mondoo account or creating a new space, the initial setup guide welcomes you. Select **BROWSE INTEGRATIONS** and then select **SentinelOne**. + + ![Welcome to Mondoo Page](/img/platform/start/welcome_to_mondoo.png) + + - INTEGRATIONS page: In the side navigation bar, under **INTEGRATIONS**, select **Add New Integration**. Under Third-Party Data, select **SentinelOne**. + + ![New SentinelOne integration in the Mondoo Console](/img/platform/infra/imports/sentinelone/s1-new-int.png) + +2. In the **Choose an integration name** box, enter a name for the integration. + +3. In the **Enter the host URL** box, enter the base of the URL you use to access the SentinelOne management console. For example, if you access the SentinelOne management console at `https://my-company.sentinelone.net/dashboard`, enter `https://my-company.sentinelone.net`. + +4. 
Copy the SentinelOne API token you received when you created a service user in the instructions above. Paste it into the **Provide the SentinelOne API token** box. + +5. Select the **START IMPORTING** button. + +Mondoo begins connecting to SentinelOne and collecting data. + +## View, edit, or remove a SentinelOne integration + +1. In the left navigation, under **Integrations**, select **All Integrations**. + + ![SentinelOne integrations list in the Mondoo Console](/img/platform/infra/imports/sentinelone/s1-int-list.png) + +2. Select **SentinelOne** and then select the integration you want. + + ![SentinelOne integration in the Mondoo Console](/img/platform/infra/imports/sentinelone/s1-view-int.png) + +3. Use the options in near the top-right corner of the page: + + - To change the integration settings, select the edit (pencil) icon. + + - To import data from SentinelOne as soon as possible, select the **SCHEDULE NOW** button. + + - To pause or resume importing data from SentinelOne, select the ellipsis (**...**) menu and then select **Pause Imports** or **Resume Imports**. + + - To remove the integration, select the delete (trash can) icon. + +--- diff --git a/docs/platform/security/posture/policies.mdx b/docs/platform/security/posture/policies.mdx index e45830821..25d7db4ae 100644 --- a/docs/platform/security/posture/policies.mdx +++ b/docs/platform/security/posture/policies.mdx @@ -56,7 +56,7 @@ Disabling a policy deletes any existing reports from that policy in the space. ![Mondoo - find a policy in a space](/img/platform/security/policies-search.png) -3. Check the box next to the policy (or policies) you want to delete and then select the **DELETE POLICY** button. +3. Check the box next to the policy (or policies) you want to delete and then select the **DISABLE POLICY** button. ![Mondoo - disable a policy for a space](/img/platform/security/disable-preview.png) 
diff --git a/static/img/platform/infra/imports/sentinelone/actions.png b/static/img/platform/infra/imports/sentinelone/actions.png new file mode 100644 index 000000000..c40e6010c Binary files /dev/null and b/static/img/platform/infra/imports/sentinelone/actions.png differ diff --git a/static/img/platform/infra/imports/sentinelone/keyvalue.png b/static/img/platform/infra/imports/sentinelone/keyvalue.png new file mode 100644 index 000000000..3d5fb105e Binary files /dev/null and b/static/img/platform/infra/imports/sentinelone/keyvalue.png differ diff --git a/static/img/platform/infra/imports/sentinelone/mismatch-s1.png b/static/img/platform/infra/imports/sentinelone/mismatch-s1.png new file mode 100644 index 000000000..364f34495 Binary files /dev/null and b/static/img/platform/infra/imports/sentinelone/mismatch-s1.png differ diff --git a/static/img/platform/infra/imports/sentinelone/nav.png b/static/img/platform/infra/imports/sentinelone/nav.png new file mode 100644 index 000000000..917076bb8 Binary files /dev/null and b/static/img/platform/infra/imports/sentinelone/nav.png differ diff --git a/static/img/platform/infra/imports/sentinelone/new1.png b/static/img/platform/infra/imports/sentinelone/new1.png new file mode 100644 index 000000000..2870f61d9 Binary files /dev/null and b/static/img/platform/infra/imports/sentinelone/new1.png differ diff --git a/static/img/platform/infra/imports/sentinelone/new2.png b/static/img/platform/infra/imports/sentinelone/new2.png new file mode 100644 index 000000000..806d19208 Binary files /dev/null and b/static/img/platform/infra/imports/sentinelone/new2.png differ diff --git a/static/img/platform/infra/imports/sentinelone/s1-int-list.png b/static/img/platform/infra/imports/sentinelone/s1-int-list.png new file mode 100644 index 000000000..7b4876ed3 Binary files /dev/null and b/static/img/platform/infra/imports/sentinelone/s1-int-list.png differ 
diff --git a/static/img/platform/infra/imports/sentinelone/s1-new-int.png b/static/img/platform/infra/imports/sentinelone/s1-new-int.png new file mode 100644 index 000000000..ba4d5f83a Binary files /dev/null and b/static/img/platform/infra/imports/sentinelone/s1-new-int.png differ diff --git a/static/img/platform/infra/imports/sentinelone/s1-view-int.png b/static/img/platform/infra/imports/sentinelone/s1-view-int.png new file mode 100644 index 000000000..64a246b85 Binary files /dev/null and b/static/img/platform/infra/imports/sentinelone/s1-view-int.png differ diff --git a/static/img/platform/infra/imports/sentinelone/service-users.png b/static/img/platform/infra/imports/sentinelone/service-users.png new file mode 100644 index 000000000..a5d089856 Binary files /dev/null and b/static/img/platform/infra/imports/sentinelone/service-users.png differ diff --git a/static/img/platform/infra/imports/sentinelone/token.png b/static/img/platform/infra/imports/sentinelone/token.png new file mode 100644 index 000000000..2bbd388b3 Binary files /dev/null and b/static/img/platform/infra/imports/sentinelone/token.png differ
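Review bot: In the new docs/platform/infra/imports/sentinelone.mdx, step 1 of "Step A: Create a SentinelOne service user" contains a stray `{" "}` surrounded by blank lines where a screenshot was evidently meant to go, and the `import menu from "/img/platform/infra/imports/sentinelone/nav.png";` at the top of the file is never used; either render it there (for example `<img src={menu} alt="SentinelOne side navigation" />`) or drop both the import and the `{" "}`. Two smaller points in the same file: step 3 under "View, edit, or remove a SentinelOne integration" reads "Use the options in near the top-right corner" (drop "in"), and step 6 of Step A says "Leave the page open; you need the token in the next steps" without saying how the token should be handled; since the paragraph above step 1 explains that this token is what gives Mondoo API access to the selected accounts, a sentence advising readers to treat it as a secret and paste it only into the **Provide the SentinelOne API token** box would be worth adding.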
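Review bot: In docs/platform/security/posture/policies.mdx the button label is corrected to **DISABLE POLICY**, but the same line still says "the policy (or policies) you want to delete"; change it to "want to disable" so the step matches both the new button name and the hunk's context line "Disabling a policy deletes any existing reports from that policy in the space."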
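Review bot: actions.png, keyvalue.png and mismatch-s1.png are added under static/img/platform/infra/imports/sentinelone/ but nothing in sentinelone.mdx references them (the page uses service-users.png, new1.png, new2.png, token.png, s1-new-int.png, s1-int-list.png and s1-view-int.png, plus nav.png via the import); either wire them into the steps they illustrate (actions.png, by its name, belongs next to "Select the **Actions** button" in step 3 of Step A, which currently shows new1.png) or drop them from the change so the static directory does not carry orphaned images.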