  • Last Updated: Jun 21, 2023
  • Version: 1.1.1
  • Compatibility: ThreatQ versions >= 4.34.0

    SentinelOne Operation

    ThreatQuotient

    www.sentinelone.com/

    Overview

    The SentinelOne Operation for ThreatQuotient enables a user to interact with SentinelOne and decrease the time-to-mitigation for a given threat.

    The operation provides the following actions:

    • Get Reputation - gets a reputation for a given SHA-1 hash.
    • Blacklist - blacklists a given SHA-1 hash.
    • Add Exclusion - excludes a given SHA-1 hash.
    • Query Incidents - fetches incidents/threats related to the given object.
    • Mitigate Threat - applies a mitigation action to threats that match a given object.
    • Create Firewall Rule - creates a firewall rule to allow or block a given host.
    • Check Endpoints - checks whether a CVE affects any applications installed on an endpoint.
    • Hunt - generates a link to directly hunt an IOC in SentinelOne.

    The operation is compatible with the following indicator types:

    • SHA-1
    • SHA-256
    • MD5
    • IP Address
    • FQDN
    • CIDR Block
    • CVE
