> ## Documentation Index
> Fetch the complete documentation index at: https://help.dsalta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# SentinelOne

> How DSALTA integrates with SentinelOne — data collected, setup guide, and automated compliance checks.

## Overview

DSALTA connects to SentinelOne using read-only API access to collect compliance evidence automatically. DSALTA syncs the users in your SentinelOne management console (for access reviews) and application CVE risks. Data syncs every 24 hours and feeds into your Data Library modules.

<Info>
  **Read-only access.** DSALTA never modifies, creates, or deletes resources in your SentinelOne account.
</Info>

## How to Connect

SentinelOne connects with an **API token** and your **Console URL** — there's no app to install.

<Steps>
  <Step title="Generate an API token">
    Log in to your SentinelOne management console and go to **Settings → API Token**. Generate a token for a user that can read console users and application risks.
  </Step>

  <Step title="Find your Console URL">
    Your **Console URL** is the address you use to reach SentinelOne, for example `https://your-instance.sentinelone.net`.
  </Step>

  <Step title="Connect">
    In the DSALTA sidebar, go to **Integrations**, find **SentinelOne**, and click **Connect**. Paste your API token and Console URL into the secure window and submit.
  </Step>

  <Step title="Finish">
    DSALTA runs an initial sync — usually a few minutes — after which the compliance checks below activate.
  </Step>
</Steps>

## Automated Compliance Checks

Each check below runs automatically every 24 hours. Click any check for step-by-step remediation guidance.

| Check                                                                                                                      | Description                                                                            |
| -------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------- |
| [User access to Critical System should be valid](/integrations/sentinelone/user-access-to-critical-system-should-be-valid) | Checks that everyone with SentinelOne access is an active employee on the People page. |
| [Offboarded users should not have active access](/integrations/sentinelone/offboarded-users-should-not-have-active-access) | Checks that offboarded employees no longer have active SentinelOne access.             |

## Troubleshooting

<AccordionGroup>
  <Accordion title="Integration shows Disconnected">
    Re-authenticate from **Integrations → SentinelOne → Reconnect**. This can happen if the API token was revoked or rotated in the SentinelOne console.
  </Accordion>

  <Accordion title="Data is not syncing">
    Confirm the API token is still valid and the Console URL is correct, then trigger a manual sync from the integration settings.
  </Accordion>
</AccordionGroup>
