Skip to main content

SentinelOne

Download With Dependencies

Endpoint protection

This pack enables you to use SentinelOne for endpoint protection.
You can receive alerts from endpoints, search for processes on endpoints, block endpoints and manage the endpoint protection policy.

What does this pack do?

This pack enables you to

  • Connect, disconnect, shutdown, and uninstall agents.
  • Get information about agents and agent groups, move an agent from one group to another, delete groups, and send broadcast messages to groups of agents.
  • Get information about threats, mark a suspicious behavior as a threat, and mitigate threats.
  • Get information about the system sites and reactivate a site if necessary.
  • Get information about activities, events and processes in the system.
    The Sentinel One - Endpoint data collection playbook collects endpoint information by using SentinelOne commands.
    The pack includes the SentinelOne v2 integration and the Sentinel One - Endpoint data collection playbook.

How does this pack work?

Create an instance of the SentinelOne v2 integration and start fetching information from the SentinelOne database.

Note: Support for this Pack will be moved to the Partner on Feb 15, 2023.

PUBLISHER

Cortex

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

CertificationRead more
Supported ByCortex
CreatedSeptember 23, 2020
Last ReleaseJanuary 11, 2023
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.