SentinelOne

Integration version: 3.0

Configure SentinelOne integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Actions

Disconnect Agent From Network

Description

Disconnect an agent from the network connection.

Parameters

N/A

Use cases

N/A

Run On

This action runs on the following entities:

  • IP Address
  • Hostname

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
N/A

Enrich Endpoint

Description

Enrich an endpoint entity with information from the system.

Parameters

N/A

Use cases

N/A

Run On

This action runs on the following entities:

  • IP Address
  • Hostname

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
N/A

Get Agent Status

Description

Get the status of an agent of either active or inactive.

Parameters

N/A

Use cases

N/A

Run On

This action runs on the following entities:

  • IP Address
  • Hostname

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
N/A

Get Application List for Endpoint

Description

Get a list of applications by an endpoint (host or IP address).

Parameters

N/A

Use cases

N/A

Run On

This action runs on the following entities:

  • IP Address
  • Hostname

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
N/A

Get Events for Endpoint by Time

Description

Get all of the events related to an endpoint.

Parameters

Parameter Type Default Value Description
Hours Back String N/A How much time back to fetch events from.
Events Amount Limit String N/A Events amount limit.

Use cases

N/A

Run On

This action runs on the following entities:

  • IP Address
  • Hostname

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
N/A

Get Hash Reputation

Description

Get the reputation of a hash by SHA1.

Parameters

N/A

Use cases

N/A

Run On

This action runs on the Filehash entity.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
N/A

Get Process List for Endpoint

Description

Get the process list by an endpoint.

Parameters

N/A

Use cases

N/A

Run On

This action runs on the following entities:

  • IP Address
  • Hostname

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
N/A

Get System Status

Description

Get the system health status of SentinelOne.

Parameters

N/A

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
N/A

Get System Version

Description

Get the system version of SentinelOne

Parameters

N/A

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
N/A

Initiate Full Scan

Description

Initiate a full disk scan on an endpoint.

Parameters

N/A

Use cases

N/A

Run On

This action runs on the following entities:

  • IP Address
  • Hostname

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_success True/False is_succeed:False
JSON Result
N/A

Ping

Description

Test Connectivity.

Parameters

N/A

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_success True/False is_succeed:False
JSON Result
N/A

Reconnect Agent to the Network

Description

Reconnect a disconnected agent to the network.

Parameters

N/A

Use cases

N/A

Run On

This action runs on the following entities:

  • IP Address
  • Hostname

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
N/A

Update Exclusion List add Path

Description

Add a path to an existing exclusion list.

Parameters

Parameter Type Default Value Description
List Name String N/A Exclusion list name.
Path String N/A Path to add to the list.
Operation System String N/A Operation system, can be: windows, osx, linux or android.

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
N/A