This Guardz + Sentinel Integration (BYO-S1) guide will walk through the process of connecting your existing S1 deployment with the Guardz platform. This integration enables use of a Site Service User API Token for devices that are already deployed or that are intended to be deployed directly from S1.
Once the API integration is successfully completed, a series of policy settings will be inherited from S1 and can then be managed within the Guardz platform. Devices running the S1 agents will be added to the Device page, and endpoint threats detected by S1 will be opened as issues within Guardz Detection & Response. Mitigation of these threats can be handled as remediations within the platform.
To get started, follow these steps to complete the integration:
SentinelOne Configuration:
In the S1 console, go to Policy & Settings > User Management > Service Users.
Click New Service User to open the modal and fill in the details as follows:
For the name, use something like "Guardz Integration".
Set the expiration to a longer timeframe (e.g., 1 year).
For Scope of Access, select Site, then choose the relevant Account and Site for the devices to be integrated.
Note: The API token will be generated per site, assuming each customer in Guardz maps to a site.
Change the Site Role to Admin (default is Viewer).
Important: Admin permissions are required.
Click Create Service User.
Copy the API token from the next screen. Save it securely.
Note: The above steps should be completed for each customer/site.
Guardz Configuration:
In Guardz, go to Security Controls (left nav) > Endpoint Security.
If required, "Deploy" the security control.
Under SentinelOne Endpoint Protections, click Connect.
Enter your SentinelOne subdomain (<subdomain>.sentinelone.net) and the Site Service User API token from the previous steps.
Review the SentinelOne Site Policy Settings in Guardz and adjust as needed.
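A pre-flight check you can run before pasting the values into Guardz, confirming that the subdomain is a bare label and that the Site Service User token sees only the intended site. This is an added example, not Guardz or SentinelOne code. It assumes the SentinelOne v2.1 REST endpoint /web/api/v2.1/sites, the "ApiToken" authorization scheme, and a response with site names under data.sites; the function names and sample data are hypothetical.

```python
import json
import re
import urllib.request

# One DNS label only, so the token is never sent anywhere but *.sentinelone.net.
_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def build_sites_request(subdomain: str, token: str) -> urllib.request.Request:
    """Build GET /web/api/v2.1/sites for <subdomain>.sentinelone.net."""
    label = subdomain.strip().lower()
    if not _LABEL.fullmatch(label):
        raise ValueError("enter only the subdomain label, not a URL or hostname")
    if not token.strip():
        raise ValueError("empty API token")
    return urllib.request.Request(
        f"https://{label}.sentinelone.net/web/api/v2.1/sites",
        headers={"Authorization": f"ApiToken {token.strip()}"},
    )


def check_site_scope(payload: dict, expected_site: str) -> list[str]:
    """Return problems found; an empty list means only expected_site is visible."""
    # Assumed response shape: {"data": {"sites": [{"name": ...}, ...]}}
    names = [s.get("name", "") for s in payload.get("data", {}).get("sites", [])]
    problems = []
    if expected_site not in names:
        problems.append(f"token cannot see site {expected_site!r}")
    extra = sorted(n for n in names if n != expected_site)
    if extra:
        problems.append(f"token also sees other sites: {', '.join(extra)}")
    return problems


def verify_token(subdomain: str, token: str, expected_site: str) -> list[str]:
    """Live check; needs network access to the S1 console."""
    req = build_sites_request(subdomain, token)
    with urllib.request.urlopen(req, timeout=15) as resp:
        return check_site_scope(json.load(resp), expected_site)


# Constructed sample response (not real data) for an offline run.
SAMPLE = {"data": {"sites": [{"name": "Customer A"}, {"name": "Customer B"}]}}

if __name__ == "__main__":
    print(check_site_scope(SAMPLE, "Customer A"))
```

A non-empty result from verify_token means the token was created with the wrong scope or for the wrong site and should be regenerated before it is connected.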
For any questions or further assistance, please don’t hesitate to reach out to [email protected]