Skip to main content


Download With Dependencies

Endpoint protection

This pack enables you to use SentinelOne for endpoint protection.
You can receive alerts from endpoints, search for processes on endpoints, block endpoints and manage the endpoint protection policy.

What does this pack do?

This pack enables you to

  • Connect, disconnect, shutdown, and uninstall agents.
  • Get information about agents and agent groups, move an agent from one group to another, delete groups, and send broadcast messages to groups of agents.
  • Get information about threats, mark a suspicious behavior as a threat, and mitigate threats.
  • Get information about the system sites and reactivate a site if necessary.
  • Get information about activities, events and processes in the system.
    The Sentinel One - Endpoint data collection playbook collects endpoint information by using SentinelOne commands.
    The pack includes the SentinelOne v2 integration and the Sentinel One - Endpoint data collection playbook.

How does this pack work?

Create an instance of the SentinelOne v2 integration and start fetching information from the SentinelOne database.

Note: Support for this Pack moved to the partner on March, 23, 2023.
Please contact the partner directly via the support link on the right.




Cortex XSOARCortex XSIAM


CertificationRead more
Supported ByPartner
CreatedSeptember 23, 2020
Last ReleaseMarch 26, 2023

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.