WAIT FOR RELEASE --Add docs on SentinelOne integration

.github/actions/spelling/expect.txt

@@ -316,6 +316,7 @@ SECRETVALUE
 securetty
 securityimages
 SEfirewall
+sentinelone
 serviceprincipals
 signin
 singlequeryargument

docs/platform/infra/imports/overview.md

@@ -14,6 +14,8 @@ Import security data from:
 
 - [Microsoft Defender for Cloud](/platform/infra/imports/defender/)
 
+- [SentinelOne](/platform/infra/imports/sentinelone/)
+
 - Check back for more integrations soon!
 
 ## Get help

docs/platform/infra/imports/sentinelone.mdx

@@ -0,0 +1,102 @@
+---
+title: Import Data from SentinelOne
+sidebar_label: SentinelOne
+sidebar_position: 40
+description: Import data from SentinelOne to combine SentinelOne vulnerabilities with your Mondoo findings.
+image: /img/featured_img/mondoo-feature.jpg
+---
+import menu from "/img/platform/infra/imports/sentinelone/nav.png";
+
+Mondoo can import data from SentinelOne and incorporate that data with its own findings. With a unified view of SentinelOne's vulnerabilities and Mondoo scan results, you can take advantage of Mondoo's powerful security visualization, prioritization, and ticket system integration.
+
+## Prerequisites
+
+Before you integrate SentinelOne with Mondoo, be sure you have:
+
+- A Mondoo account with Editor or Owner permissions for the space in which you want to add the integration
+
+- A [SentinelOne Singularity](https://www.sentinelone.com/platform/) account with administrator privileges
+
+## Integrate Mondoo with SentinelOne
+
+To create a new SentinelOne integration in Mondoo, perform these steps:
+
+Step A: Create a SentinelOne service user to give Mondoo access to SentinelOne data
+
+Step B: Add a new SentinelOne integration in the Mondoo Console
+
+### Step A: Create a SentinelOne service user
+
+Like any service that integrates with SentinelOne, Mondoo must have a service user that gives it access to SentinelOne data. The service user is a non-human user account with a token that gives Mondoo access through the SentinelOne API. To learn about service users, read "Overview of service users" in the SentinelOne documentation.
+
+1. Log into the SentinelOne management console as a user with administrative privileges.
+
+   {" "}
+
+   <img src={menu} width="175" />
+
+2. In the side navigation bar, select **Settings**. Select the **USERS** tab and then select **Service Users**.
+
+   ![SentinelOne service users](/img/platform/infra/imports/sentinelone/service-users.png)
+
+3. Select the **Actions** button and select **Create New Service User**.
+
+   ![New SentinelOne service user](/img/platform/infra/imports/sentinelone/new1.png)
+
+4. Give the new service user a name and description that make clear it's for Mondoo and then select the **Next** button.
+
+   ![New SentinelOne service user scopes](/img/platform/infra/imports/sentinelone/new2.png)
+
+5. Choose the **account(s)** (not sites) you want Mondoo to access and leave the **Viewer** role selected.
+
+6. Select the **Create User** button.
+
+   ![New SentinelOne service user API token](/img/platform/infra/imports/sentinelone/token.png)
+
+   SentinelOne shows the API token it generated for the Mondoo service user. Leave the page open; you need the token in the next steps.
+
+### Step B: Add a new SentinelOne integration in the Mondoo Console
+
+Once you have a SentinelOne API token, you can create a Mondoo SentinelOne integration. You need information from the service user you created in the instructions above.
+
+1. Access the Integrations > Add > SentinelOne page in one of two ways:
+
+   - New space setup: After creating a new Mondoo account or creating a new space, the initial setup guide welcomes you. Select **BROWSE INTEGRATIONS** and then select **SentinelOne**.
+
+   ![Welcome to Mondoo Page](/img/platform/start/welcome_to_mondoo.png)
+
+   - INTEGRATIONS page: In the side navigation bar, under **INTEGRATIONS**, select **Add New Integration**. Under Third-Party Data, select **SentinelOne**.
+
+   ![New SentinelOne integration in the Mondoo Console](/img/platform/infra/imports/sentinelone/s1-new-int.png)
+
+2. In the **Choose an integration name** box, enter a name for the integration.
+
+3. In the **Enter the host URL** box, enter the base of the URL you use to access the SentinelOne management console. For example, if you access the SentinelOne management console at `https://my-company.sentinelone.net/dashboard`, enter `https://my-company.sentinelone.net`.
+
+4. Copy the SentinelOne API token you received when you created a service user in the instructions above. Paste it into the **Provide the SentinelOne API token** box.
+
+5. Select the **START IMPORTING** button.
+
+Mondoo begins connecting to SentinelOne and collecting data.
+
+## View, edit, or remove a SentinelOne integration
+
+1. In the left navigation, under **Integrations**, select **All Integrations**.
+
+   ![SentinelOne integrations list in the Mondoo Console](/img/platform/infra/imports/sentinelone/s1-int-list.png)
+
+2. Select **SentinelOne** and then select the integration you want.
+
+   ![SentinelOne integration in the Mondoo Console](/img/platform/infra/imports/sentinelone/s1-view-int.png)
+
+3. Use the options in near the top-right corner of the page:
+
+   - To change the integration settings, select the edit (pencil) icon.
+
+   - To import data from SentinelOne as soon as possible, select the **SCHEDULE NOW** button.
+
+   - To pause or resume importing data from SentinelOne, select the ellipsis (**...**) menu and then select **Pause Imports** or **Resume Imports**.
+
+   - To remove the integration, select the delete (trash can) icon.
+
+---

docs/platform/security/posture/policies.mdx

@@ -56,7 +56,7 @@ Disabling a policy deletes any existing reports from that policy in the space.
 
    ![Mondoo - find a policy in a space](/img/platform/security/policies-search.png)
 
-3. Check the box next to the policy (or policies) you want to delete and then select the **DELETE POLICY** button.
+3. Check the box next to the policy (or policies) you want to delete and then select the **DISABLE POLICY** button.
 
    ![Mondoo - disable a policy for a space](/img/platform/security/disable-preview.png)