Introducing the SentinelOne Excel Plugin

Work in IT security for a while, and you will find there is a common theme – you start with a lot of data, and sometimes you end up with Microsoft Excel. Our challenge then tends to be two-fold, first acquiring the data and second turning it into useful information. The information is what we convey to others, to provide them with visibility, and to communicate our findings.

The SentinelOne server collects a rich set of information from the endpoints and a common request we get is to turn this data into useful information. SentinelOne provides a complete set of RESTful APIs for this purpose, but it does require some scripting and technical work.

To make this easier for our customers we have introduced the SentinelOne Excel Plugin, which provides easy access to import data directly into Microsoft Excel.

The plugin uses the Visual Studio Tools for Office (VSTO) technology which is available on Microsoft Excel on Windows. (Not currently available for Microsoft Excel on macOS).

Here are some highlights on what the plugin can do:

  • Exports common SentinelOne server objects such as Threats, Agents, Applications, Activities, Policies, Groups, and more.
  • Automatically generates Excel pivot tables and charts for the Threat, Agent, and Application objects.
  • Login using access tokens or username/password, and it supports two-factor authentication.
  • Shows readable API details of the plugin’s requests and the actual JSON data received from the SentinelOne server.
  • Generates HTML and PDF summary reports that can be delivered via email.

However, most importantly, the data is in Excel for custom processing, filtering, and analysis.

The MSI installer can be downloaded from the SentinelOne support portal using the following link.
Download the SentinelOne Excel Plugin

Below is an example of Threat data exported from the server.
Use standard Excel filters and features to manipulate the data for customized views.


The plugin pre-creates some pivot tables and charts for common reporting metrics.


An HTML and/or PDF summary report can also be created and emailed.


Go ye therefore and unleash the power of Excel to battle cybercrime and save the day for those who need information available through the SentinelOne Endpoint Protection Platform.