junto

SentinelOne is an endpoint detection and response (EDR) platform. Once connected, Junto can look up endpoints, investigate threats and alerts, manage endpoint isolation, trigger scans, and run Deep Visibility queries across your fleet.

An API token generated from your SentinelOne management console

Your SentinelOne instance URL (e.g., <code><a href="https://usea1.sentinelone.net" rel="nofollow noopener noreferrer" target="_blank">https://usea1.sentinelone.net</a></code>)

- A SentinelOne account with API access
- An API token generated from your SentinelOne management console
- Your SentinelOne instance URL (e.g., <code><a href="https://usea1.sentinelone.net" rel="nofollow noopener noreferrer" target="_blank">https://usea1.sentinelone.net</a></code>)

Log in to your SentinelOne management console.

Navigate to Settings &gt; Users and select your user account.

Under API Token, click Generate to create a new token.

Copy the token. It will not be shown again.

1. Log in to your SentinelOne management console.
2. Navigate to Settings &gt; Users and select your user account.
3. Under API Token, click Generate to create a new token.
4. Copy the token. It will not be shown again.

In Junto, go to Settings &gt; Integrations &gt; SentinelOne.

Click Add Configuration and fill in:

API URL -- Your SentinelOne instance URL.

API Token -- The token from Step 1. This is encrypted before storage.

Click Create. Junto validates the connection by listing your SentinelOne sites.

1. In Junto, go to Settings &gt; Integrations &gt; SentinelOne.
2. Click Add Configuration and fill in:
3. API URL -- Your SentinelOne instance URL.
4. API Token -- The token from Step 1. This is encrypted before storage.
5. Click Create. Junto validates the connection by listing your SentinelOne sites.

SentinelOne organizes endpoints into Sites. Each MSP client is typically a separate site.

After connecting, Junto lists available sites from your SentinelOne account.

Use the company mapping interface to link each Junto company to its SentinelOne site.

1. After connecting, Junto lists available sites from your SentinelOne account.
2. Use the company mapping interface to link each Junto company to its SentinelOne site.
3. Auto-map is available to match by name.
4. Save mappings.

High-impact actions like endpoint isolation, reconnection, and threat mitigation require explicit technician approval before the agent proceeds.

Connection fails -- Verify your API URL and token. Ensure the token has not expired or been revoked.

No sites listed -- Confirm your API token has sufficient permissions to view sites.

Endpoint not found -- Check that the company mapping is correct and the endpoint is enrolled in the expected site.

Deep Visibility query returns no results -- Ensure target endpoints are online with the SentinelOne agent running. Queries search recent telemetry data.

- Connection fails -- Verify your API URL and token. Ensure the token has not expired or been revoked.
- No sites listed -- Confirm your API token has sufficient permissions to view sites.
- Endpoint not found -- Check that the company mapping is correct and the endpoint is enrolled in the expected site.
- Deep Visibility query returns no results -- Ensure target endpoints are online with the SentinelOne agent running. Queries search recent telemetry data.

How to connect SentinelOne to Junto for endpoint detection and response.

SentinelOne Integration Setup

Find answers and get help from Intercom Support and Community Experts

Conversations you've started through the messenger will appear here.

No conversations created by you

Try using different keywords or checking for typos.

No conversations found

Title

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Empty Help Center

Uh oh. That page doesn’t exist.

Home

Search results

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Tool	Description	Risk Level
List Endpoints	Search for endpoints by hostname, OS type, infection status, or active status	Low
Get Endpoint Details	View detailed information about a specific endpoint	Low
Scan Endpoint	Initiate a full disk scan on one or more endpoints	Medium
Isolate Endpoint	Disconnect an endpoint from the network (network quarantine)	High
Reconnect Endpoint	Restore network access to a previously isolated endpoint	High

Tool	Description	Risk Level
List Threats	List detected threats with filtering by resolved status, mitigation status, or analyst verdict	Low
Get Threat Details	View detailed information about a specific threat	Low
Mitigate Threat	Take action on a threat: kill, quarantine, remediate, or rollback	High
Update Threat Verdict	Set analyst verdict (true positive, false positive, suspicious, or undefined)	Medium
Add Threat Note	Add analyst notes to a threat for documentation	Medium

Tool	Description	Risk Level
List Alerts	List cloud detection alerts with optional filtering by analyst verdict	Low
Update Alert Verdict	Set analyst verdict on cloud detection alerts	Medium

Tool	Description	Risk Level
Create Query	Search endpoint telemetry data across your fleet	Medium
Check Query Status	Check the status of a running Deep Visibility query	Low
Get Query Results	Retrieve events from a completed Deep Visibility query	Low

Tool	Description	Risk Level
List Sites	List all SentinelOne sites in the account	Low

SentinelOne Integration Setup

SentinelOne Setup

Prerequisites

Step 1: Generate an API Token

Step 2: Configure in Junto

Step 3: Map Companies to Sites

What the AI Agent Can Do

Endpoint Management

Threat Investigation & Response

Alert Management

Deep Visibility Queries

Infrastructure

Troubleshooting