Skip to main content

List Agents

Get the Agents, and their data, that match the filter. This command gives the Agent ID, which you can use in other commands.

Basic Parameters

ParameterDescription
CursorCursor position returned by the last request. Use to iterate over more than 1000 items. Example: "YWdlbnRfaWQ6NTgwMjkzODE=".
LimitLimit number of returned items (1-1000). Example: "10".
QueryA free-text search term, will match applicable attributes (sub-string match).Note: Device's physical addresses will be matched if they start with the search term only (no match if they contain the term).
Return All PagesAutomatically fetch all resources, page by page.
Sort ByThe column to sort the results by.
Sort OrderSort direction.

Advanced Parameters

ParameterDescription
Custom QueriesAdditional custom query parameters.For more information about the available query parameters, visit https://your-subdomain.sentinelone.net/api-doc/api-details?category=agents&api=get-agents.

Example Output

{
"data": [
{
"registeredAt": "2018-02-27T04:49:26.257525Z",
"rangerStatus": "NotApplicable",
"mitigationModeSuspicious": "detect",
"cloudProviders": "object",
"serialNumber": "string",
"operationalState": "string",
"networkQuarantineEnabled": "boolean",
"coreCount": 8,
"firstFullModeTime": "string",
"cpuId": "Acme chips inc. Pro5555 @ 3.33GHz",
"computerName": "JOHN-WIN-4125",
"isPendingUninstall": "boolean",
"detectionState": "string",
"networkStatus": "connected",
"infected": "boolean",
"consoleMigrationStatus": "N/A",
"cpuCount": 2,
"scanStatus": "none",
"createdAt": "2018-02-27T04:49:26.257525Z",
"siteName": "string",
"fullDiskScanLastUpdatedAt": "2018-02-27T04:49:26.257525Z",
"lastIpToMgmt": "string",
"groupUpdatedAt": "2018-02-27T04:49:26.257525Z",
"domain": "mybusiness.net",
"osArch": "32 bit",
"siteId": "225494730938493804",
"userActionsNeeded": [
{
"type": "string",
"example": "none",
"enum": [
"none",
"reboot_needed",
"user_action_needed",
"upgrade_needed",
"incompatible_os",
"unprotected",
"user_action_needed_fda",
"user_action_needed_rs_fda",
"user_action_needed_network",
"rebootless_without_dynamic_detection",
"extended_exclusions_partially_accepted",
"user_action_needed_bluetooth_per",
"reboot_required"
]
}
],
"updatedAt": "2018-02-27T04:49:26.257525Z",
"scanAbortedAt": "2018-02-27T04:49:26.257525Z",
"rangerVersion": "string",
"threatRebootRequired": "boolean",
"locationType": "not_applicable",
"accountName": "string",
"allowRemoteShell": "boolean",
"uuid": "ff819e70af13be381993075eb0ce5f2f6de05be2",
"activeDirectory": {
"computerMemberOf": [
{
"type": "string"
}
],
"mail": "ActiveDirectory UPN",
"computerDistinguishedName": "CN=TEMP-T470P,CN=Computers,DC=sentinelone,DC=com",
"userPrincipalName": "some@mail.com",
"lastUserMemberOf": [
{
"type": "string"
}
],
"lastUserDistinguishedName": "CN=John Doe,CN=Users,DC=sentinelone,DC=com"
},
"isActive": "boolean",
"osType": "linux",
"totalMemory": 8192,
"isUninstalled": "boolean",
"locations": [
{
"name": "office1",
"scope": "global",
"id": "225494730938493804"
}
],
"networkInterfaces": [
{
"inet": [
{
"type": "string"
}
],
"gatewayMacAddress": "00:25:96:FF:FE:12",
"inet6": [
{
"type": "string"
}
],
"gatewayIp": "192.168.1.1",
"physical": "00:25:96:FF:FE:12:34:56",
"name": "string",
"id": "225494730938493804"
}
],
"storageType": "string",
"externalIp": "31.155.5.7",
"scanStartedAt": "2018-02-27T04:49:26.257525Z",
"modelName": "Acme computers - 15x4k",
"id": "225494730938493804",
"groupId": "225494730938493804",
"activeThreats": 3,
"scanFinishedAt": "2018-02-27T04:49:26.257525Z",
"isUpToDate": "boolean",
"operationalStateExpiration": "2018-02-27T04:49:26.257525Z",
"machineType": "unknown",
"osUsername": "string",
"tags": {
"sentinelone": [
{
"assignedBy": "string",
"key": "string",
"assignedById": "225494730938493804",
"id": "225494730938493804",
"value": "string",
"assignedAt": "2018-02-27T04:49:26.257525Z"
}
]
},
"licenseKey": "string",
"showAlertIcon": "boolean",
"osRevision": "string",
"appsVulnerabilityStatus": "patch_required",
"storageName": "string",
"osName": "Windows 10",
"lastActiveDate": "2018-02-27T04:49:26.257525Z",
"accountId": "225494730938493804",
"groupIp": "31.155.5.x",
"groupName": "string",
"isDecommissioned": "boolean",
"firewallEnabled": "boolean",
"inRemoteShellSession": "boolean",
"remoteProfilingStateExpiration": "string",
"locationEnabled": "boolean",
"installerType": ".msi",
"policyUpdatedAt": "2018-02-27T04:49:26.257525Z",
"encryptedApplications": "boolean",
"osStartTime": "2018-02-27T04:49:26.257525Z",
"remoteProfilingState": "string",
"mitigationMode": "detect",
"lastLoggedInUserName": "janedoe3",
"externalId": "string",
"agentVersion": "2.5.0.2417"
}
],
"pagination": {
"nextCursor": "YWdlbnRfaWQ6NTgwMjkzODE=",
"totalItems": 580
},
"errors": [
{
"type": "object"
}
]
}

Workflow Library Example

Validate That Sentinelone Edr is Installed for All Employees on Google Workspace

Workflow LibraryPreview this Workflow on desktop