Overview

Scrut integrates with Sentinel One via secure API authentication to automatically ingest both user access data and endpoint threat information. The integration powers automated access reviews by syncing account identifiers, roles, and MFA status, while also converting detected endpoint threats into structured vulnerabilities within Scrut’s Vulnerability Module. By eliminating manual uploads and centralizing this evidence in Scrut’s GRC platform, organizations can complete access reviews at scale, assign ownership for threats, and strengthen compliance and security with less effort.

Why Connect

Provide endpoint detection and MFA evidence for auditors Convert threats into tracked vulnerabilities with owners and SLAs Demonstrate endpoint protection and remediation through audit trails.

Supported Automated Tests

Scrut provides pre-built automated tests for SentinelOne. Here are a few examples of Scrut’s SentinelOne tests:

• Access reviews completed for all in-scope applications
• SentinelOne accounts associated with users
• SentinelOne accounts deprovisioned when employees leave

Supported Automated Evidence

Scrut automates the collection of some evidences for SentinelOne. Here are a few examples of Scrut’s SentinelOne-driven evidences that can be collected:

• Anti-virus dashboard and regular updates
• Mechanisms exist to remotely purge selected information from mobile devices/Endpoints.
• Offboarding - Logical Access & Physical Access Revocation
• Reports of User Access Reviews
• Report of Vulnerability Scan and Remediation Status
• User Access Approval list to Application, Infrastructure and Service
• Workstation Disk Encryption Settings