> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pwnbook.app/llms.txt
> Use this file to discover all available pages before exploring further.

# SentinelOne

> View SentinelOne threat detections, agent health, and STAR alerts in Pwnbook.

<img src="https://mintcdn.com/pwnbook/noJyYhCscAD7TYUE/logos/sentinelone.svg?fit=max&auto=format&n=noJyYhCscAD7TYUE&q=85&s=2e78505a5ebc7b19172b76214026ffa7" alt="SentinelOne" style={{ height: "32px", marginBottom: "16px" }} width="37" height="46" data-path="logos/sentinelone.svg" />

## Overview

SentinelOne is an endpoint detection and response (EDR) platform with autonomous threat response. The Pwnbook integration surfaces active threats, agent health, and STAR (SentinelOne Threat Intelligence Response) alerts so endpoint security data sits alongside the rest of your security context.

## Prerequisites

* A SentinelOne account
* A SentinelOne API token with read access to the relevant site(s)
* Admin or Owner access in Pwnbook

## Setup

<Steps>
  <Step title="Generate a SentinelOne API token">
    1. In the SentinelOne console, click your user avatar → **My User**.
    2. Under **API Token**, click **Generate**.
    3. Copy the token.
  </Step>

  <Step title="Configure in Pwnbook">
    1. Go to **Organization Settings → Marketplace → SentinelOne**.
    2. Enter your **API Token** and **Console URL** (e.g. `https://usea1.sentinelone.net`).
    3. Select the **sites** to monitor.
    4. Click **Save & Test**.
  </Step>
</Steps>

## What's available

| View            | Description                                                             |
| --------------- | ----------------------------------------------------------------------- |
| **Threats**     | Active and resolved threats with severity, classification, and endpoint |
| **Agents**      | Connected endpoint count and sensor health                              |
| **STAR alerts** | Automated response rule triggers                                        |

## Workbench card

The **SentinelOne** workbench card shows agent count, active threat count, and a STAR alert summary.
