The `s1_mgmt_get_passphrase` role retrieves the passphrase for an endpoint from the SentinelOne management console, using the agent's UUID, and saves it to the `s1_agent_passphrase` fact.
An endpoint with the SentinelOne agent installed and operational. A valid SentinelOne license, access to the SentinelOne Management Console and an API key are required.
To query agent passphrases via the API, the user account associated with the API token, `s1_api_token`, must be granted the following permissions:
- Accounts View
- Endpoints View
- Endpoints Show Passphrase
- Groups View
- Roles View
- Sites View
s1_management_console: https://<management fqdn>
This is mandatory and is the URL to your SentinelOne management console.
s1_api_token:
This is mandatory and is the API token [1] associated with the user that will be running the role.
s1_api_limit: 100
The number of results to return with each call to the packages API endpoint.
s1_agent_passphrase_report: /home/jdoe/passphrase.csv
When defined with a valid path, a CSV file containing passphrases for the endpoints in the play will be saved to this location on the Ansible controller. This report contains sensitive information.
- s1_agent_info role: Gathers basic information about the SentinelOne agent.
- s1_agent_common role: Configures common variables for all roles in the collection.
- ansible.windows
Retrieve agent passphrases for all endpoints. The passphrase will be saved to the `s1_agent_passphrase` fact on each endpoint and can be used by subsequent tasks in the same play.
Warning: this sample play is very insecure - it prints the agent's passphrase to stdout. It is provided as an example to show that the `s1_agent_passphrase` fact can be used by later tasks in the play.
```yaml
---
- name: Get the endpoint's passphrase
  hosts: all
  tasks:
    - name: Include the s1_mgmt_get_passphrase role
      ansible.builtin.include_role:
        name: s1_mgmt_get_passphrase

    # Insecure: prints the passphrase to stdout (see the warning above)
    - name: Show s1_agent_passphrase
      ansible.builtin.debug:
        var: s1_agent_passphrase
```
Retrieve agent passphrases for all endpoints and generate a CSV report of passphrases. The report will be saved to /tmp/s1_agent_cache/agent_passphrase.csv.
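```yaml
---
- name: Generate a report of endpoint passphrases
  hosts: all
  vars:
    # Report path on the Ansible controller; the variable documented above
    # for this role is s1_agent_passphrase_report
    s1_agent_passphrase_report: /tmp/s1_agent_cache/agent_passphrase.csv
  tasks:
    - name: Include the s1_mgmt_get_passphrase role
      ansible.builtin.include_role:
        name: s1_mgmt_get_passphrase
```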
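A variant of the two plays above that consumes the `s1_agent_passphrase` fact without printing it and tightens permissions on the CSV report. This is an added example, not part of the role's own documentation. It assumes the report file already exists on the controller when the role include finishes and that the controller is a POSIX system; only `ansible.builtin` modules are used in the added tasks.

```yaml
---
- name: Retrieve endpoint passphrases without exposing them
  hosts: all
  vars:
    # Report path on the Ansible controller (same sample path as in the
    # variable description above)
    s1_agent_passphrase_report: /home/jdoe/passphrase.csv
  tasks:
    - name: Include the s1_mgmt_get_passphrase role
      ansible.builtin.include_role:
        name: s1_mgmt_get_passphrase

    # Check that the fact is populated instead of dumping it with debug.
    # no_log keeps the task result out of stdout and any callback logs.
    - name: Confirm a passphrase was retrieved without printing it
      ansible.builtin.assert:
        that:
          - s1_agent_passphrase is defined
          - s1_agent_passphrase | length > 0
        quiet: true
      no_log: true

    # Assumption: the role has written the report by this point.
    # The default state of the file module fails if the path is missing,
    # so a missing report is surfaced rather than silently ignored.
    - name: Restrict the passphrase report to its owner on the controller
      ansible.builtin.file:
        path: "{{ s1_agent_passphrase_report }}"
        mode: "0600"
      delegate_to: localhost
      run_once: true
```

Any later task that passes `s1_agent_passphrase` to a module should also set `no_log: true`, since module arguments are otherwise shown at higher verbosity levels.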
GPL-3.0-or-later
Nathan Gerhart / SentinelOne
Footnotes
1. See the SentinelOne KnowledgeBase article Generating API Tokens.