Skip to main content

SentinelOne

Endpoint protection

This pack enables you to use SentinelOne for endpoint protection.
You can receive alerts from endpoints, search for processes on endpoints, block endpoints and manage the endpoint protection policy.

What does this pack do?

This pack enables you to

  • Connect, disconnect, shutdown, and uninstall agents.
  • Get information about agents and agent groups, move an agent from one group to another, delete groups, and send broadcast messages to groups of agents.
  • Get information about threats, mark a suspicious behavior as a threat, and mitigate threats.
  • Get information about the system sites and reactivate a site if necessary.
  • Get information about activities, events and processes in the system.
    The Sentinel One - Endpoint data collection playbook collects endpoint information by using SentinelOne commands.
    The pack includes the SentinelOne v2 integration and the Sentinel One - Endpoint data collection playbook.

How does this pack work?

Create an instance of the SentinelOne v2 integration and start fetching information from the SentinelOne database.

PUBLISHER

Cortex XSOAR

INFO

CertificationRead more
Supported ByCortex XSOAR
CreatedSeptember 23, 2020
Last ReleaseMarch 30, 2022
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.