List Agents
Get the Agents, and their data, that match the filter. This command gives the Agent ID, which you can use in other commands.
Basic Parameters
| Parameter | Description |
|---|---|
| Cursor | Cursor position returned by the last request. Use to iterate over more than 1000 items. Example: "YWdlbnRfaWQ6NTgwMjkzODE=". |
| Limit | Limit number of returned items (1-1000). Example: "10". |
| Query | A free-text search term, will match applicable attributes (sub-string match). Note: Device's physical addresses will be matched if they start with the search term only (no match if they contain the term). |
| Return All Pages | Automatically fetch all resources, page by page. |
| Sort By | The column to sort the results by. |
| Sort Order | Sort direction. |
Advanced Parameters
| Parameter | Description |
|---|---|
| Custom Queries | Additional custom query parameters. For more information about the available query parameters, visit https://your-subdomain.sentinelone.net/api-doc/api-details?category=agents&api=get-agents. |
Example Output
{
"data": [
{
"registeredAt": "2018-02-27T04:49:26.257525Z",
"rangerStatus": "NotApplicable",
"mitigationModeSuspicious": "detect",
"cloudProviders": "object",
"serialNumber": "string",
"operationalState": "string",
"networkQuarantineEnabled": "boolean",
"coreCount": 8,
"firstFullModeTime": "string",
"cpuId": "Acme chips inc. Pro5555 @ 3.33GHz",
"computerName": "JOHN-WIN-4125",
"isPendingUninstall": "boolean",
"detectionState": "string",
"networkStatus": "connected",
"infected": "boolean",
"consoleMigrationStatus": "N/A",
"cpuCount": 2,
"scanStatus": "none",
"createdAt": "2018-02-27T04:49:26.257525Z",
"siteName": "string",
"fullDiskScanLastUpdatedAt": "2018-02-27T04:49:26.257525Z",
"lastIpToMgmt": "string",
"groupUpdatedAt": "2018-02-27T04:49:26.257525Z",
"domain": "mybusiness.net",
"osArch": "32 bit",
"siteId": "225494730938493804",
"userActionsNeeded": [
{
"type": "string",
"example": "none",
"enum": [
"none",
"reboot_needed",
"user_action_needed",
"upgrade_needed",
"incompatible_os",
"unprotected",
"user_action_needed_fda",
"user_action_needed_rs_fda",
"user_action_needed_network",
"rebootless_without_dynamic_detection",
"extended_exclusions_partially_accepted",
"user_action_needed_bluetooth_per",
"reboot_required"
]
}
],
"updatedAt": "2018-02-27T04:49:26.257525Z",
"scanAbortedAt": "2018-02-27T04:49:26.257525Z",
"rangerVersion": "string",
"threatRebootRequired": "boolean",
"locationType": "not_applicable",
"accountName": "string",
"allowRemoteShell": "boolean",
"uuid": "ff819e70af13be381993075eb0ce5f2f6de05be2",
"activeDirectory": {
"computerMemberOf": [
{
"type": "string"
}
],
"mail": "ActiveDirectory UPN",
"computerDistinguishedName": "CN=TEMP-T470P,CN=Computers,DC=sentinelone,DC=com",
"userPrincipalName": "some@mail.com",
"lastUserMemberOf": [
{
"type": "string"
}
],
"lastUserDistinguishedName": "CN=John Doe,CN=Users,DC=sentinelone,DC=com"
},
"isActive": "boolean",
"osType": "linux",
"totalMemory": 8192,
"isUninstalled": "boolean",
"locations": [
{
"name": "office1",
"scope": "global",
"id": "225494730938493804"
}
],
"networkInterfaces": [
{
"inet": [
{
"type": "string"
}
],
"gatewayMacAddress": "00:25:96:FF:FE:12",
"inet6": [
{
"type": "string"
}
],
"gatewayIp": "192.168.1.1",
"physical": "00:25:96:FF:FE:12:34:56",
"name": "string",
"id": "225494730938493804"
}
],
"storageType": "string",
"externalIp": "31.155.5.7",
"scanStartedAt": "2018-02-27T04:49:26.257525Z",
"modelName": "Acme computers - 15x4k",
"id": "225494730938493804",
"groupId": "225494730938493804",
"activeThreats": 3,
"scanFinishedAt": "2018-02-27T04:49:26.257525Z",
"isUpToDate": "boolean",
"operationalStateExpiration": "2018-02-27T04:49:26.257525Z",
"machineType": "unknown",
"osUsername": "string",
"tags": {
"sentinelone": [
{
"assignedBy": "string",
"key": "string",
"assignedById": "225494730938493804",
"id": "225494730938493804",
"value": "string",
"assignedAt": "2018-02-27T04:49:26.257525Z"
}
]
},
"licenseKey": "string",
"showAlertIcon": "boolean",
"osRevision": "string",
"appsVulnerabilityStatus": "patch_required",
"storageName": "string",
"osName": "Windows 10",
"lastActiveDate": "2018-02-27T04:49:26.257525Z",
"accountId": "225494730938493804",
"groupIp": "31.155.5.x",
"groupName": "string",
"isDecommissioned": "boolean",
"firewallEnabled": "boolean",
"inRemoteShellSession": "boolean",
"remoteProfilingStateExpiration": "string",
"locationEnabled": "boolean",
"installerType": ".msi",
"policyUpdatedAt": "2018-02-27T04:49:26.257525Z",
"encryptedApplications": "boolean",
"osStartTime": "2018-02-27T04:49:26.257525Z",
"remoteProfilingState": "string",
"mitigationMode": "detect",
"lastLoggedInUserName": "janedoe3",
"externalId": "string",
"agentVersion": "2.5.0.2417"
}
],
"pagination": {
"nextCursor": "YWdlbnRfaWQ6NTgwMjkzODE=",
"totalItems": 580
},
"errors": [
{
"type": "object"
}
]
}
Workflow Library Example
Validate That Sentinelone Edr is Installed for All Employees on Google Workspace
Preview this Workflow on desktop