Get the Agents, and their data, that match the filter. This command gives the Agent ID, which you can use in other commands.

Basic Parameters

ParameterDescription
CursorCursor position returned by the last request. Use to iterate over more than 1000 items. Example: “YWdlbnRfaWQ6NTgwMjkzODE=”.
LimitLimit number of returned items (1-1000). Example: “10”.
QueryA free-text search term, will match applicable attributes (sub-string match).
Note: Device’s physical addresses will be matched if they start with the search term only (no match if they contain the term).
Return All PagesAutomatically fetch all resources, page by page.
Sort ByThe column to sort the results by.
Sort OrderSort direction.

Advanced Parameters

ParameterDescription
Custom QueriesAdditional custom query parameters.

For more information about the available query parameters, visit https://your-subdomain.sentinelone.net/api-doc/api-details?category=agents&api=get-agents.

Example Output

{
	"data": [
		{
			"registeredAt": "2018-02-27T04:49:26.257525Z",
			"rangerStatus": "NotApplicable",
			"mitigationModeSuspicious": "detect",
			"cloudProviders": "object",
			"serialNumber": "string",
			"operationalState": "string",
			"networkQuarantineEnabled": "boolean",
			"coreCount": 8,
			"firstFullModeTime": "string",
			"cpuId": "Acme chips inc. Pro5555 @ 3.33GHz",
			"computerName": "JOHN-WIN-4125",
			"isPendingUninstall": "boolean",
			"detectionState": "string",
			"networkStatus": "connected",
			"infected": "boolean",
			"consoleMigrationStatus": "N/A",
			"cpuCount": 2,
			"scanStatus": "none",
			"createdAt": "2018-02-27T04:49:26.257525Z",
			"siteName": "string",
			"fullDiskScanLastUpdatedAt": "2018-02-27T04:49:26.257525Z",
			"lastIpToMgmt": "string",
			"groupUpdatedAt": "2018-02-27T04:49:26.257525Z",
			"domain": "mybusiness.net",
			"osArch": "32 bit",
			"siteId": "225494730938493804",
			"userActionsNeeded": [
				{
					"type": "string",
					"example": "none",
					"enum": [
						"none",
						"reboot_needed",
						"user_action_needed",
						"upgrade_needed",
						"incompatible_os",
						"unprotected",
						"user_action_needed_fda",
						"user_action_needed_rs_fda",
						"user_action_needed_network",
						"rebootless_without_dynamic_detection",
						"extended_exclusions_partially_accepted",
						"user_action_needed_bluetooth_per",
						"reboot_required"
					]
				}
			],
			"updatedAt": "2018-02-27T04:49:26.257525Z",
			"scanAbortedAt": "2018-02-27T04:49:26.257525Z",
			"rangerVersion": "string",
			"threatRebootRequired": "boolean",
			"locationType": "not_applicable",
			"accountName": "string",
			"allowRemoteShell": "boolean",
			"uuid": "ff819e70af13be381993075eb0ce5f2f6de05be2",
			"activeDirectory": {
				"computerMemberOf": [
					{
						"type": "string"
					}
				],
				"mail": "ActiveDirectory UPN",
				"computerDistinguishedName": "CN=TEMP-T470P,CN=Computers,DC=sentinelone,DC=com",
				"userPrincipalName": "some@mail.com",
				"lastUserMemberOf": [
					{
						"type": "string"
					}
				],
				"lastUserDistinguishedName": "CN=John Doe,CN=Users,DC=sentinelone,DC=com"
			},
			"isActive": "boolean",
			"osType": "linux",
			"totalMemory": 8192,
			"isUninstalled": "boolean",
			"locations": [
				{
					"name": "office1",
					"scope": "global",
					"id": "225494730938493804"
				}
			],
			"networkInterfaces": [
				{
					"inet": [
						{
							"type": "string"
						}
					],
					"gatewayMacAddress": "00:25:96:FF:FE:12",
					"inet6": [
						{
							"type": "string"
						}
					],
					"gatewayIp": "192.168.1.1",
					"physical": "00:25:96:FF:FE:12:34:56",
					"name": "string",
					"id": "225494730938493804"
				}
			],
			"storageType": "string",
			"externalIp": "31.155.5.7",
			"scanStartedAt": "2018-02-27T04:49:26.257525Z",
			"modelName": "Acme computers - 15x4k",
			"id": "225494730938493804",
			"groupId": "225494730938493804",
			"activeThreats": 3,
			"scanFinishedAt": "2018-02-27T04:49:26.257525Z",
			"isUpToDate": "boolean",
			"operationalStateExpiration": "2018-02-27T04:49:26.257525Z",
			"machineType": "unknown",
			"osUsername": "string",
			"tags": {
				"sentinelone": [
					{
						"assignedBy": "string",
						"key": "string",
						"assignedById": "225494730938493804",
						"id": "225494730938493804",
						"value": "string",
						"assignedAt": "2018-02-27T04:49:26.257525Z"
					}
				]
			},
			"licenseKey": "string",
			"showAlertIcon": "boolean",
			"osRevision": "string",
			"appsVulnerabilityStatus": "patch_required",
			"storageName": "string",
			"osName": "Windows 10",
			"lastActiveDate": "2018-02-27T04:49:26.257525Z",
			"accountId": "225494730938493804",
			"groupIp": "31.155.5.x",
			"groupName": "string",
			"isDecommissioned": "boolean",
			"firewallEnabled": "boolean",
			"inRemoteShellSession": "boolean",
			"remoteProfilingStateExpiration": "string",
			"locationEnabled": "boolean",
			"installerType": ".msi",
			"policyUpdatedAt": "2018-02-27T04:49:26.257525Z",
			"encryptedApplications": "boolean",
			"osStartTime": "2018-02-27T04:49:26.257525Z",
			"remoteProfilingState": "string",
			"mitigationMode": "detect",
			"lastLoggedInUserName": "janedoe3",
			"externalId": "string",
			"agentVersion": "2.5.0.2417"
		}
	],
	"pagination": {
		"nextCursor": "YWdlbnRfaWQ6NTgwMjkzODE=",
		"totalItems": 580
	},
	"errors": [
		{
			"type": "object"
		}
	]
}

Workflow Library Example

List Agents with Sentinelone and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop