Technical Tip: FortiDeceptor Integration with SentinelOne Over API

The integration connector will be part of the FABRIC -> Integrate Method section as the SentinelOne Isolation.
connector. The connector will leverage the SentinelOne EDR API.

But sometimes errors like the ones below can appear in logs.

itime=1756474677 date=2025-08-29 time=15:37:57 timezone=CEST logid=0123000001 type=event subtype=system pri=information user=system ui=system action=log status=success loghost=local msg="The SentinelOne Isolation SentinelOne was failed to connect to https://abc-123.sentinelone.net, reason = no json data is found in the response from server."

itime=1756474699 date=2025-08-29 time=15:38:19 timezone=CEST logid=0123000001 type=event subtype=system pri=information user=system ui=system action=log status=success loghost=local msg="The SentinelOne Isolation SentinelOne was failed to block 10.12.0.49, reason = No json data is found in the response from server."

In this case, two things need to be verified:

1. The REST APIs integrated in FortiDeceptor are based on v2.1. The SentinelOne version should match it because this means that the API version is different.
   
   
2. For the API permission scope, simply run the curl command and check if the access token can be returned successfully.

curl -k -H "Content-Type: application/json" -d '{"data": {"apiToken":"YOUR_API_TOKEN"}}' https://abc-123.sentinelone.net//web/api/v2.1/users/login/by-api-token