SentinelOne

Overview

SentinelOne is an endpoint detection and response (EDR) platform with autonomous threat response. The Pwnbook integration surfaces active threats, agent health, and STAR (SentinelOne Threat Intelligence Response) alerts so endpoint security data sits alongside the rest of your security context.

Prerequisites

  • A SentinelOne account
  • A SentinelOne API token with read access to the relevant site(s)
  • Admin or Owner access in Pwnbook

Setup

Step 1: Generate a SentinelOne API token

  1. In the SentinelOne console, click your user avatar → My User.
  2. Under API Token, click Generate.
  3. Copy the token.

Step 2: Configure in Pwnbook

  1. Go to Organization Settings → Marketplace → SentinelOne.
  2. Enter your API Token and Console URL (e.g. https://usea1.sentinelone.net).
  3. Select the sites to monitor.
  4. Click Save & Test.

What’s available

View          Description
Threats       Active and resolved threats with severity, classification, and endpoint
Agents        Connected endpoint count and sensor health
STAR alerts   Automated response rule triggers

Workbench card

The SentinelOne workbench card shows agent count, active threat count, and a STAR alert summary.