Generate an API token in the SentinelOne management console under Settings > Users > API Token (Admin role recommended) and include it as Authorization: ApiToken YOUR_TOKEN on all requests; note your console URL (https://{tenant}.sentinelone.net).
Query threats with GET https://{tenant}.sentinelone.net/web/api/v2.1/threats, using query parameters such as resolved (false for open threats), agentMachineTypeIn, severityIn, and createdAt__gte (ISO 8601) to filter the result set.
Parse each threat object for id, agentId, threatInfo.threatName, threatInfo.sha256, threatInfo.confidenceLevel, threatInfo.mitigationStatus, and agentRealtimeInfo.agentComputerName to build incident context.
Trigger automated mitigation on a specific threat by POSTing to https://{tenant}.sentinelone.net/web/api/v2.1/threats/mitigate/{action} (where action is one of: quarantine, kill, remediate, rollback-remediation) with a JSON body whose filter object lists the threat IDs to act on.
Confirm remediation by polling the threat record until mitigationStatus transitions to the expected state; log the outcome alongside the original threat ID for the audit trail.
Known gotchas
Tenant console URLs are region-specific (e.g., usea1, euc1) and cannot be inferred; hard-coding the wrong subdomain results in HTTP 404 or connection errors — retrieve the correct URL from the SentinelOne portal.
Remediation actions such as rollback use VSS (Volume Shadow Copy) snapshots and are only available on Windows agents with VSS enabled; calling rollback on an incompatible endpoint returns a success HTTP status but the action silently fails on the agent.
The API uses cursor-based pagination via the nextCursor field; offset-based paging is not supported for the threats endpoint — implement cursor tracking for complete result retrieval.
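The steps and the pagination gotcha above, combined in one sketch. This is an added example, not SentinelOne's or this page's own code: the function names are hypothetical, and it assumes a `cursor` query parameter, a `data`/`pagination` response envelope, and an `ids` key for both the mitigation filter and the polling query. The `send` parameter lets a test or proxy-aware transport replace the default one.

```python
import json, time, urllib.parse, urllib.request

ACTIONS = {"quarantine", "kill", "remediate", "rollback-remediation"}  # actions named on this page

def http_json(method, url, token, body=None):
    """Default transport: one request with the ApiToken header, parsed JSON back."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"ApiToken {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def iter_threats(base, token, params, send=http_json, max_pages=1000):
    """Yield every matching threat, following nextCursor until it is absent."""
    cursor = None
    for _ in range(max_pages):
        query = dict(params, cursor=cursor) if cursor else dict(params)  # 'cursor': assumption
        url = f"{base}/web/api/v2.1/threats?{urllib.parse.urlencode(query)}"
        page = send("GET", url, token)
        yield from page.get("data") or []  # 'data'/'pagination' envelope: assumption
        cursor = (page.get("pagination") or {}).get("nextCursor")
        if not cursor:
            return
    raise RuntimeError("max_pages reached with results remaining")

def summarize(threat):
    """Flatten the step-3 fields into one incident-context record."""
    info = threat.get("threatInfo") or {}
    host = (threat.get("agentRealtimeInfo") or {}).get("agentComputerName")
    keys = ("threatName", "sha256", "confidenceLevel", "mitigationStatus")
    return {"id": threat.get("id"), "agentId": threat.get("agentId"), "host": host,
            **{k: info.get(k) for k in keys}}

def mitigate_and_confirm(base, token, action, threat_id, expected, send=http_json,
                         attempts=10, delay=5.0, sleep=time.sleep):
    """POST the action, then poll until mitigationStatus == expected; return an audit record."""
    if action not in ACTIONS:
        raise ValueError(f"unsupported action: {action}")
    body = {"filter": {"ids": [threat_id]}}  # 'ids' filter key: assumption
    send("POST", f"{base}/web/api/v2.1/threats/mitigate/{action}", token, body)
    status = None
    for _ in range(attempts):
        match = next(iter_threats(base, token, {"ids": threat_id}, send), None)  # 'ids' param: assumption
        status = summarize(match)["mitigationStatus"] if match else None
        if status == expected:
            break
        sleep(delay)
    return {"threatId": threat_id, "action": action, "status": status,
            "confirmed": status == expected}
```

A record with `confirmed` set to False after an HTTP-successful POST is the signal for the silent rollback failure described above, so treat it as an open incident rather than a completed action.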