SentinelOne Action
Overview
The SentinelOne action contains three functions that let you add SHA-1 hashes to, or remove them from, the SentinelOne blacklist or whitelist, and perform mitigation actions on indicators.
Credentials and other configurations should be obtained from the SentinelOne instance an analyst intends to interface with. These are intended for bulk and/or automated execution of SentinelOne features.
The action provides the following functions:
- SentinelOne Blacklist or Whitelist - adds SHA-1 hashes to either the blacklist or the whitelist on the SentinelOne platform.
- SentinelOne Mitigate Threats - performs mitigation actions on indicators on the SentinelOne platform.
- SentinelOne Delete Hashes - removes SHA-1 hashes from either the blacklist or the whitelist on the SentinelOne platform.
The action is compatible with SHA-1 and File Path indicator types and returns indicators and indicator attributes.
Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.