Connecting SentinelOne Singularity Vulnerability Management VMS to Drata allows for the automated, continuous monitoring of SLA due dates and evidence collection of vulnerabilities issues required for compliance.
Key Capabilities
Automated vulnerability evidence collection: Syncs vulnerability data from SentinelOne VMS to Drata for compliance visibility.
Continuous monitoring: Tracks SLA timelines and new findings automatically each day.
Severity-based filtering: Sync only vulnerabilities of specified severity levels to focus on critical compliance risks.
This integration automates evidence collection for the Vulnerability Scanning test, which is mapped to DCF-18 by default. You can view findings by selecting the View Findings button after connecting or navigating directly to the Vulnerabilities page through the left-side navigation menu.
Prerequisites & Data Access
Must create a SentinelOne service user account with API access.
Drata will sync up to 1,000 new or updated vulnerabilities per day, ordered by severity from Critical to Low.
Drata does not automatically renew API tokens; you must manually generate and update them upon expiration.
Permissions & Data Table
Permission/Scope | Why It’s Needed | Data Accessed (Read Only) |
API Key (Service User) | Authenticates Drata’s access to SentinelOne VMS | Vulnerability findings, metadata, and timestamps |
Viewer Role | Restricts access to read-only visibility for compliance evidence | Vulnerability status, severity, and remediation details |
Base URL | Identifies your SentinelOne deployment for API access | Endpoint used for vulnerability queries and updates |
Step-by-Step Setup
Step 1: Create Service User and API Token Setup
In SentinelOne, create a new service user account (recommended to separate system access from real user credentials).
Assign the Viewer role to the service user.
Navigate to the API Token / API Keys section in the service user’s profile.
Create a new API Key and set an appropriate expiration date.
Copy the API Key and securely store it.
Note: When your API key expires, create a new service user and generate a new key. Update the Drata connection with the new credentials.
Complete the Connection
In Drata’s Connections page, enter the following information:
Drata Field | SentinelOne VMS Value |
API Key | The SentinelOne API Key created for the service user |
Base URL | The management URL for your SentinelOne deployment ( |
Severity Level | Critical, High, Medium, or Low |
First Seen On | The date for vulnerability sync start |
For steps on accessing and using the Connections page in Drata, refer to The Connections Page in Drata.
Review Findings
Once the connection is successfully created, you can select the View Findings button on the connection card or navigate to the Vulnerabilities page to review and manage the synced vulnerabilities for compliance monitoring. Learn more at Vulnerabilities help article.