Use the SentinelOne v2 integration to organize your company's endpoints.
This integration was integrated and tested with version xx of SentinelOne Beta
- Navigate to Settings > Integrations > Servers & Services.
- Search for SentinelOne Beta.
to create and configure a new integration instance.
- Name: a textual name for the integration instance.
- Server URL (e.g., https://usea1.sentinelone.net)
- API Token
- Trust any certificate (not secure)
- Use system proxy
- Fetch incidents
- Fetch limit
- Incident type
- First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year)
- Minimum risk score for importing incidents (0-10), where 0 is low risk and 10 is high risk
- Click Test to validate the URLs, token, and connection.
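The parameter rules listed above can be checked before an instance is saved. The following is an added example, not code from the integration: the dictionary keys (`url`, `token`, `insecure`, `isFetch`, `first_fetch`, `min_threat_rank`, `fetch_limit`) are hypothetical names for the settings above, and months and years are approximated as 30 and 365 days.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

# Seconds per unit; "month" and "year" are approximations (assumption).
UNIT_SECONDS = {"minute": 60, "hour": 3600, "day": 86400,
                "week": 604800, "month": 2592000, "year": 31536000}
FIRST_FETCH_RE = re.compile(
    r"^\s*(\d+)\s+(minute|hour|day|week|month|year)s?\s*$", re.I)


def parse_first_fetch(value, now=None):
    """Turn '<number> <time unit>' (e.g. '7 days') into a UTC cutoff datetime."""
    m = FIRST_FETCH_RE.match(value or "")
    if not m:
        raise ValueError(
            f"First fetch timestamp must be '<number> <time unit>', got {value!r}")
    now = now or datetime.now(timezone.utc)
    return now - timedelta(seconds=int(m.group(1)) * UNIT_SECONDS[m.group(2).lower()])


def audit_instance(params):
    """Return a list of findings for a dict of instance settings (hypothetical keys)."""
    findings = []
    url = urlparse(params.get("url", ""))
    if url.scheme != "https" or not url.hostname:
        findings.append("Server URL must be an https:// URL")
    if not params.get("token"):
        findings.append("API Token is empty")
    if params.get("insecure"):
        # With this option on, the server certificate is not verified.
        findings.append("Trust any certificate is enabled (not secure)")
    if params.get("isFetch"):
        try:
            parse_first_fetch(params.get("first_fetch"))
        except ValueError as exc:
            findings.append(str(exc))
        score = params.get("min_threat_rank")
        if not isinstance(score, int) or not 0 <= score <= 10:
            findings.append("Minimum risk score must be an integer from 0 to 10")
        limit = params.get("fetch_limit")
        if not isinstance(limit, int) or limit < 1:
            findings.append("Fetch limit must be a positive integer")
    return findings
```

An empty list from `audit_instance` means the settings satisfy the formats described above; it does not replace the Test button, which checks the live connection.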
You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
- Get all agents: sentinelone-list-agents
- Create an exclusion: sentinelone-create-white-list-item
- Get all exclusion items: sentinelone-get-white-list
- Get the reputation of a hash: sentinelone-get-hash
- Get a threat list: sentinelone-get-threats
- Get a threat summary: sentinelone-threat-summary
- Mark suspicious threats: sentinelone-mark-as-threat
- Mitigate threats: sentinelone-mitigate-threat
- Resolve threats: sentinelone-resolve-threat
- Get agent details: sentinelone-get-agent
- Get a list of sites: sentinelone-get-sites
- Get a site list: sentinelone-get-site
- Reactivate a site: sentinelone-reactivate-site
- Get a list of activities: sentinelone-get-activities
- Get group data: sentinelone-get-groups
- Move agent: sentinelone-move-agent
- Delete a group: sentinelone-delete-group
- Retrieve agent processes: sentinelone-agent-processes
- Connect an agent: sentinelone-connect-agent
- Disconnect an agent: sentinelone-disconnect-agent
- Broadcast a message to agents: sentinelone-broadcast-message
- Get Deep Visibility events: sentinelone-get-events
- Create a Deep Visibility query: sentinelone-create-query
- Get a list of Deep Visibility events by process: sentinelone-get-processes
- Shutdown an agent: sentinelone-shutdown-agent
- Uninstall an agent: sentinelone-uninstall-agent
Gets a list of all agents.
|computer_name|Filter by computer name.|Optional|
|scan_status|CSV list of scan statuses by which to filter the results, for example: “started,abort|