Device posture with SentinelOne requires the SentinelOne agent and the Cloudflare WARP client to be deployed on your devices. Our service-to-service posture check identifies devices based on their serial numbers.
Set up SentinelOne as a service provider
1. Obtain SentinelOne settings
The following SentinelOne values are needed to set up the SentinelOne posture check:
- API Token
- REST API URL
To retrieve those values:
- Log in to your SentinelOne Dashboard.
- Go to Settings > Users > Create new Service User.
- Select Create New Service User.
- Enter a Name and Expiration Date and select Next.
- Set Scope of Access to Viewer.
- Select Create User. SentinelOne will generate an API Token for this user.
- Copy the API Token to a safe location.
- Select Close.
- Copy the Rest API URL from your browser’s address bar (for example,
2. Add SentinelOne as a service provider
- In , go to Settings > WARP Client.
- Scroll down to Device posture providers and select Add new.
- Select SentinelOne.
- Enter any name for the provider. This name will be used throughout the dashboard to reference this connection.
- In Client Secret, enter your API Token.
- In Rest API URL, enter
- Choose a Polling frequency for how often Cloudflare Zero Trust should query SentinelOne for information.
- Select Save.
3. Configure the posture check
- In , go to Settings > WARP Client > Service provider checks.
- Select Add new.
- Select the SentinelOne provider.
- Configure a and enter any name.
- Select Save.
Device posture attributes
Device posture data is gathered from the SentinelOne Management APIs. For more information, refer to
|Infected||Whether the device is infected|
|Active Threats||Number of active threats on the device|
|Is Active||Whether the SentinelOne Agent is active|
|Network status||Whether the SentinelOne Agent is connected to the SentinelOne service|