This pack enables you to use SentinelOne for endpoint protection.
You can receive alerts from endpoints, search for processes on endpoints, block endpoints and manage the endpoint protection policy.
What does this pack do?
This pack enables you to
- Connect, disconnect, shutdown, and uninstall agents.
- Get information about agents and agent groups, move an agent from one group to another, delete groups, and send broadcast messages to groups of agents.
- Get information about threats, mark a suspicious behavior as a threat, and mitigate threats.
- Get information about the system sites and reactivate a site if necessary.
- Get information about activities, events and processes in the system.
The Sentinel One - Endpoint data collection playbook collects endpoint information by using SentinelOne commands.
The pack includes the SentinelOne v2 integration and the Sentinel One - Endpoint data collection playbook.
How does this pack work?
Create an instance of the SentinelOne v2 integration and start fetching information from the SentinelOne database.
Note: Support for this Pack will be moved to the Partner on Feb 15, 2023.