# SentinelOne

You will need an API Token from a Service User that has the Viewer role in your SentinelOne account. If you already have an API Token from a Service User, skip this step.

Log in to your SentinelOne Dashboard.

In the left sidebar menu, click Settings.

At the top of the Settings page, click the Users tab. 

<figure><img src="/files/4lJY0SYoKyBz7NTtC2ww" alt=""><figcaption></figcaption></figure>

On the left side of the Users page, click Service Users.&#x20;

Click the Actions dropdown, then click Create New Service User.&#x20;

<figure><img src="/files/bCb2TSvSohQXSxlAj7aV" alt=""><figcaption></figcaption></figure>

On the "Create New Service User" page, enter a name and a description, choose an expiration date, then click Next.

On the "Select Scope of Access" page, configure the following:

1. Access Level: Account
2. Account selected: Ensure you have selected the correct account and that the role is set to Viewer.&#x20;

<figure><img src="/files/a5wjgLO7qvaVYq03cJQb" alt=""><figcaption></figcaption></figure>

Click Create User.

Copy the API Token and store it in a secure location.

Please share the API token with our implementation team.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.blusapphire.io/log-forwarding/03_log-forwarding-guide/cloud-log-forwarding/sentinelone.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.