SentinelOne app icon

SentinelOne

This app integrates with the SentinelOne Singularity platform to perform prevention, detection, remediation, and forensic endpoint management tasks

Built by
soar product badge
Latest Version 2.2.9
April 28, 2025
Compatibility
SOAR On-Prem, SOAR Cloud
Platform Version: 8.4, 8.0, 7.2, 7.1, 7.0, 6.4, 6.3, 6.2, 6.1, 6.0, 5.5, 5.4, 5.3, 5.2, 5.1
Rating

0

(0)

Log in to rate this app
Support
SentinelOne support icon
Not Supported
Ranking

#44

in Endpoint
This app integrates with the SentinelOne Singularity platform to perform prevention, detection, remediation, and forensic endpoint management tasks

Supported Actions

  • test connectivity: Validate the asset configuration for connectivity using supplied configuration
  • block hash: Add a file hash to the global blocklist
  • unblock hash: Remove a hash from the global blocklist
  • quarantine device: Quarantine an endpoint
  • unquarantine device: Unquarantine an endpoint
  • mitigate threat: Mitigate an identified threat
  • abort scan: Stop a Full Disk Scan on endpoint/agent
  • shutdown endpoint: Shutdown an endpoint
  • broadcast message: Send a Message through the Agents that users can see
  • get file: Fetch files from endpoints to analyze the root of threats
  • fetch firewall rules: Fetch the firewall rules
  • fetch firewall logs: Fetch the firewall logs
  • scan endpoint: Start a Full Disk Scan on endpoint/agent
  • get endpoint info: Get detailed information about an endpoint/agent
  • get threat info: Get detailed information about a threat
  • list applications: Get the applications, and their data, installed on endpoints
  • get cves: Get known CVEs for applications that are installed on endpoints with Application Risk-enabled Agents
  • get devicecontrol events: Get the data of Device Control events on Windows and macOS endpoints
  • list firewall rules: Get the Firewall Control rules for a scope specified
  • create firewall rule: Create a Firewall Control rule
  • hash reputation: Get the reputation of a hash, given the required SHA1
  • get threat notes: Get the threat notes
  • add threat note: Add a threat note to multiple threats
  • export threat timeline: Export a threat's timeline
  • export mitigation report: Export the mitigation report of threat
  • export threats: Export data of threats
  • fetch threat file: Fetch a file associated with the threat
  • update threat analystverdict: Change the verdict of a threat, as determined by a Console user
  • get threat timeline: Get a threat's timeline
  • update threat incident: Update the incident details of a threat
  • download from cloud: Download threat file from cloud
  • on poll: Callback action for the on_poll ingest functionality

Categories

Endpoint

Created By

SOAR Community

Source Code

GitHub(Opens new window)

Type

connector

Downloads

1,279

Featured in Collection

Detection and Response

Licensing

Apache License 2.0(Opens new window)

Splunk Answers

Ask a question about this app listing(Opens new window)

Resources

Log in to report this app listing