Add SentinelOne EDR (#422)

* Add SentinelOne Singularity integration guide and update navigation

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* update steps

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* wip: refactor doc

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* refactor

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* fix grammar

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

* refactor

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

---------

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>

src/components/NavigationDocs.jsx

@@ -111,6 +111,7 @@ export const docsNavigation = [
                      links: [
                          { title: 'CrowdStrike Falcon', href: '/how-to/crowdstrike-edr' },
                          { title: 'Microsoft Intune', href: '/how-to/intune-mdm' },
+                         { title: 'SentinelOne Singularity', href: '/how-to/sentinelone-edr' },
                      ]
                  },
 

src/pages/how-to/endpoint-detection-and-response.mdx

@@ -37,3 +37,4 @@ NetBird integrates with the following EDR platforms:
 
 * [CrowdStrike Falcon](/how-to/crowdstrike-edr)
 * [Microsoft Intune](/how-to/intune-mdm)
+* [SentinelOne Singularity](/how-to/sentinelone-edr)

src/pages/how-to/sentinelone-edr.mdx

@@ -0,0 +1,110 @@
+# Restrict Network Access with SentinelOne Singularity™
+
+[SentinelOne Singularity](https://www.sentinelone.com/platform/) is an autonomous cybersecurity platform that provides
+comprehensive endpoint protection, detection, and response capabilities. The SentinelOne agent runs on your devices (endpoints),
+collecting and analyzing endpoint data to detect and respond to threats in real-time. The agent's presence on endpoints and the
+security data it collects can be utilized to enforce access policies and limit network access according to the "health" status
+of the endpoints.
+
+The integration of NetBird with SentinelOne provides organizations with robust security controls that allow
+only IT-managed devices running SentinelOne to access the network. Additionally, the integration uses SentinelOne's threat
+detection capabilities, enabling administrators to further limit network access based on the security posture of each device.
+
+SentinelOne's endpoint protection provides real-time threat detection and automated response capabilities. By integrating with
+SentinelOne Singularity, NetBird can ensure that only devices with active security monitoring and protection can access the network.
+
+In this guide, we will walk you through the configuration steps to integrate SentinelOne Singularity with NetBird and use
+endpoint security status to control network access for devices that meet your security requirements.
+
+## Prerequisites
+
+Before you start creating and configuring a SentinelOne integration, ensure that you have the following:
+- A SentinelOne account with the permissions to create and manage API tokens.
+  If you don't have the required permissions, ask your SentinelOne administrator to grant them to you.
+
+## Create a SentinelOne API Token
+
+- Navigate to your SentinelOne Management Console
+- Go to **Settings** » **Users** » **Service Users**
+- Click **Create Service User**
+- Fill in the form:
+  - **Name**: `NetBird Integration`
+  - **Description**: `API token for NetBird EDR integration` (optional)
+  - **Expiration Date**: Set your preferred expiration date
+- Click **Next**
+- Select Site and set **Scope** to **Viewer**
+- Click **Create User**
+- Copy the generated API token immediately (it will only be displayed once)
+- Note your SentinelOne console URL from your browser's address bar (e.g., `https://your-tenant.sentinelone.net`)
+
+<Note>
+Treat the API token securely and store it safely. You will need both the console URL and API token for the NetBird integration configuration.
+</Note>
+
+## Configure a SentinelOne Integration in NetBird
+
+- Navigate to the [Integrations &raquo; EDR](https://app.netbird.io/integrations?tab=edr) tab in the NetBird dashboard
+- Click **Connect SentinelOne** to start the configuration wizard
+<p>
+    <img src="/docs-static/img/how-to-guides/endpoint-detection-and-response/sentinelone/getting-started.png" alt="SentinelOne integration getting started" className="imagewrapper-big"/>
+</p>
+- Click the **Get Started** button to initiate the integration process
+- Enter your SentinelOne console URL (e.g., `https://your-tenant.sentinelone.net`) and click **Continue**
+
+<p>
+    <img src="/docs-static/img/how-to-guides/endpoint-detection-and-response/sentinelone/console-config.png" alt="SentinelOne console configuration" className="imagewrapper-big"/>
+</p>
+
+- Enter the API token you created in the previous step and click **Continue** to verify the connection
+
+<p>
+    <img src="/docs-static/img/how-to-guides/endpoint-detection-and-response/sentinelone/service-user.png" alt="SentinelOne service user configuration" className="imagewrapper-big"/>
+</p>
+
+- Select the **groups** you want to apply the integration to and click **Connect**
+
+<p>
+    <img src="/docs-static/img/how-to-guides/endpoint-detection-and-response/sentinelone/group-config.png" alt="SentinelOne group configuration" className="imagewrapper-big"/>
+</p>
+
+
+<Note>
+    The EDR check will apply only to peers in the selected groups and will require a running SentinelOne agent.
+    You can also use groups [synchronized from your Identity Provider (IdP)](/how-to/idp-sync).
+</Note>
+
+- Configure the compliance criteria that devices must meet to access your network. These security requirements ensure only healthy, properly configured devices can connect. Select the criteria that align with your organization's security policies:
+  - **Allowed Active Threats**: Maximum number of active threats allowed on a device. Default is set to `0` to block devices with any active threats.
+  - **Disk Encryption**: Requires disk encryption to be enabled on the device.
+  - **Firewall**: Requires the device firewall to be enabled and active.
+  - **Block Infected Devices**: Prevents network access for devices with confirmed active infections.
+  - **Network Connectivity**: Requires active network connection between the device and SentinelOne services.
+  - **Active Status**: Requires the SentinelOne agent to be active and reporting. The agent must be in operational state (not disabled, corrupted, or experiencing errors).
+  - **Latest Agent Version**: Requires the SentinelOne agent to be running the most current version.
+
+<p>
+    <img src="/docs-static/img/how-to-guides/endpoint-detection-and-response/sentinelone/compliance-config.png" alt="edr-integrations" className="imagewrapper-big"/>
+</p>
+
+
+- Configure the **SentinelOne Sync Window** (default is 24 hours). This setting determines which devices NetBird will consider for network access based on their recent activity in SentinelOne. Only devices that have been active and reporting to SentinelOne within this time window will be synchronized. These devices must then also meet the configured compliance criteria to gain network access.
+
+<p>
+    <img src="/docs-static/img/how-to-guides/endpoint-detection-and-response/sentinelone/sync-config.png" alt="edr-integrations" className="imagewrapper-big"/>
+</p>
+
+- Click **Connect** to complete the integration setup
+
+- Only peers that have the SentinelOne agent installed and meet all the configured compliance criteria will be granted access to the network. 
+  Peers without the SentinelOne agent or those that don't meet the compliance requirements will appear with an `Approval required` mark in the peers list and won't be able to access 
+  the network until they have the agent installed and satisfy all the specified security requirements.
+
+<p>
+    <img src="/docs-static/img/how-to-guides/endpoint-detection-and-response/sentinelone/edr-approval-required.png" alt="edr-approval-required" className="imagewrapper-big"/>
+</p>
+
+
+<Note>
+    NetBird matches the SentinelOne agent to the peer using the Serial Number of the device. You must ensure that each of your devices has a unique serial number.
+</Note>
+