Refresh SentinelOne credentials

When your SentinelOne API token expires, you can copy a service user to regenerate a token, and then resubmit it to Arctic Wolf®.

For more information, sign in to your SentinelOne console and see Overview of Service Users.

These resources are required:

  • Singularity Core or higher SentinelOne license
  • Admin permissions for the applicable SentinelOne environment

Create a SentinelOne API token

For more information, see Overview of Service Users.
  1. Go to https://prefix.sentinelone.net, where prefix is the prefix value that SentinelOne provided to you.
  2. Sign in to the SentinelOne console with administrator permissions.
  3. In the navigation menu, click "" Settings .
  4. In the navigation menu, click Service Users.
  5. Select the service user who created the original API token.
  6. Click Actions > Copy User.
  7. In the Create New Service User dialog, rename the service account, for example, SentinelOne Arctic Wolf Sensor year.
  8. In the Expiration Date section, make sure that 2 Years is selected.
  9. Click Next.
  10. Make sure that the scope of access matches the service user that you copied.
  11. Click Create User.
  12. If prompted, authenticate your user, and then click Confirm Action.
  13. In the API Token dialog, copy the API Token value, and then save it in a safe, encrypted location to provide to Arctic Wolf later.

Update Active Response credentials

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Organization Profile > Integrations.
  3. Make sure that you are on the Active Response tab.
  4. Optional: Filter the list of integrations.

    For more information, see Active Response integration filters.

  5. For the account that you want to update, click Actions > View Integration.
  6. On the Integration page, click Edit Settings.
  7. In the appropriate field, enter the token and secret.
  8. Click Save Changes.