SentinelOne integration with Right-hand Cybersecurity HRM
Written by Shailanchal Uniyal
Updated this week

SentinelOne Integration Guide for Right-Hand Cybersecurity HRM

This guide will help you integrate SentinelOne's endpoint protection platform (EPP) with Right-Hand Cybersecurity Human Risk Management (HRM). Once the integration is complete, SentinelOne data will be available for use in the HRM Integrations section of your Right-Hand Cybersecurity console. This data can be used for reporting, for creating personalized coaching nudges, and for targeted awareness campaigns.

Step 1: Create an API Key in SentinelOne

Before setting up the integration, you must create an API key in your SentinelOne Cloud console. Follow these steps to generate the key:

  • Log in to your SentinelOne Cloud Console.

  • Navigate to Settings and select the Users tab.

  • Click Service Users.

  • Select Actions > Create New Service User.

  • In the pop-up window:

    • Enter a Name and Description for the service user.

    • Set an Expiration Date for the API key.

  • Click Next.

  • Under Account, select Viewer.

  • Click Create User.

  • Copy the API Token from the pop-up window or download it for safekeeping.

    Important: Ensure the API Token is saved securely as it will be required during the integration setup in your Right-Hand Cybersecurity HRM console.

Step 2: Locate Your API Domain

You will also need the API domain of your SentinelOne Cloud console. This can be found in the URL of your console.
For example, in the URL https://usea1-partners.sentinelone.net, the API domain is usea1-partners.sentinelone.net.
Make note of this domain, as it will be needed during the integration process.

Step 3: Set Up the Integration in Right-Hand Cybersecurity HRM

After obtaining the API key and domain, follow these steps to set up the integration in your HRM console:

  • Log in to your Right-Hand Cybersecurity HRM console.

  • Navigate to Human Risk Management > Settings > Security Vendors.

  • Locate SentinelOne in the list and click Configure. Enter your API Key and API Domain in the respective fields.

  • Click Authorize.

Step 4: Map Users

Once the integration is successfully authorized, you can map SentinelOne user attributes to your users' emails.

For detailed guidance on user mapping, refer to the User Mapping Guide for Right-Hand Cybersecurity HRM.

For more information or assistance, please contact Right-Hand Cybersecurity Support.

Events supported by Right-Hand Cybersecurity HRM

Malware Found on Employee’s Device

Event Definition Attributes and Logic:

  • If attribute classification has value ‘Malware’ AND attribute confidenceLevel has value 'malicious' then it will be a valid event.

Ransomware Found on Employee’s Device

Event Definition Attributes and Logic:

  • If attribute classification has value ‘Ransomware’ AND attribute confidenceLevel has value 'malicious' then it will be a valid event.

Trojan Found on Employee’s Device

Event Definition Attributes and Logic:

  • If attribute classification has value ‘Trojan’ AND attribute confidenceLevel has value 'malicious' then it will be a valid event.

Potentially Unwanted Application Found on Employee’s Device

Event Definition Attributes and Logic:

  • If attribute classification has value ‘PUA’ AND attribute confidenceLevel has value 'malicious' then it will be a valid event.

Adware Found on Employee’s Device

Event Definition Attributes and Logic:

  • If attribute classification has value ‘Adware’ AND attribute confidenceLevel has value 'malicious' then it will be a valid event.

Virus Found on Employee’s Device

Event Definition Attributes and Logic:

  • If attribute classification has value ‘Virus’ AND attribute confidenceLevel has value 'malicious' then it will be a valid event.

Cryptomining Detected on Employee’s Device

Event Definition Attributes and Logic:

  • If attribute classification has value ‘Cryptominer’ AND attribute confidenceLevel has value 'malicious' then it will be a valid event.

Malicious PDF Found on Employee’s Device

Event Definition Attributes and Logic:

  • If attribute classification has value ‘Malicious PDF’ AND attribute confidenceLevel has value 'malicious' then it will be a valid event.

Malicious Office Document Found on Employee’s Device

Event Definition Attributes and Logic:

  • If attribute classification has value ‘Malicious Office Document’ AND attribute confidenceLevel has value 'malicious' then it will be a valid event.
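
The event definitions above all follow one rule: a listed classification AND a confidenceLevel of 'malicious'. The following is an added example, not code from Right-Hand Cybersecurity or SentinelOne, that applies that rule to threat records and shows which records are dropped and why. The flat record shape, the `id` and `user` fields, the sample values and the exact case-sensitive comparison are assumptions.

```python
from collections import defaultdict

# classification value -> HRM event name, as listed in the event definitions above
EVENT_BY_CLASSIFICATION = {
    "Malware": "Malware Found on Employee’s Device",
    "Ransomware": "Ransomware Found on Employee’s Device",
    "Trojan": "Trojan Found on Employee’s Device",
    "PUA": "Potentially Unwanted Application Found on Employee’s Device",
    "Adware": "Adware Found on Employee’s Device",
    "Virus": "Virus Found on Employee’s Device",
    "Cryptominer": "Cryptomining Detected on Employee’s Device",
    "Malicious PDF": "Malicious PDF Found on Employee’s Device",
    "Malicious Office Document": "Malicious Office Document Found on Employee’s Device",
}

def classify(threat):
    """Return (event_name, None) for a valid event, else (None, reason)."""
    classification = threat.get("classification")
    confidence = threat.get("confidenceLevel")
    if classification is None or confidence is None:
        return None, "missing attribute"
    # Both conditions must hold (AND). Exact, case-sensitive matching is an assumption.
    if confidence != "malicious":
        return None, f"confidenceLevel is {confidence!r}, not 'malicious'"
    event = EVENT_BY_CLASSIFICATION.get(classification)
    if event is None:
        return None, f"classification {classification!r} has no event definition"
    return event, None

def summarize(threats):
    """Group valid events by user and collect the reasons other records were dropped."""
    events, dropped = defaultdict(list), []
    for t in threats:
        event, reason = classify(t)
        if event:
            events[t.get("user", "unmapped")].append(event)
        else:
            dropped.append((t.get("id"), reason))
    return dict(events), dropped

# Constructed sample records (not real SentinelOne output); "id" and "user" are hypothetical fields.
SAMPLE = [
    {"id": 1, "user": "a@example.com", "classification": "Ransomware", "confidenceLevel": "malicious"},
    {"id": 2, "user": "a@example.com", "classification": "PUA", "confidenceLevel": "suspicious"},
    {"id": 3, "user": "b@example.com", "classification": "Cryptominer", "confidenceLevel": "malicious"},
    {"id": 4, "user": "b@example.com", "classification": "Unlisted", "confidenceLevel": "malicious"},
    {"id": 5, "user": "c@example.com", "classification": "Trojan"},
]
```

Calling `summarize(SAMPLE)` yields one event each for the first two users; records 2, 4 and 5 are dropped for a non-malicious confidence level, an unlisted classification and a missing attribute respectively.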
