SentinelOne Operation
Integration version: 1.1.1
Released: Jun 21, 2023
Compatible with ThreatQ versions >= 4.34.0
Overview
The SentinelOne Operation for ThreatQuotient enables a user to interact with SentinelOne and decrease the time-to-mitigation for a given threat.
The operation provides the following actions:
- Get Reputation - gets a reputation for a given SHA-1 hash.
- Blacklist - blacklists a given SHA-1 hash.
- Add Exclusion - excludes a given SHA-1 hash.
- Query Incidents - fetches incidents/threats related to the given object.
- Mitigate Threat - applies a mitigation action to threats that match a given object.
- Create Firewall Rule - creates a firewall rule to allow or block a given host.
- Check Endpoints - checks to see if a CVE affects any applications installed on an endpoint.
- Hunt - generates a link to directly hunt an IOC in SentinelOne.
The operation is compatible with the following indicator types:
- SHA-1
- SHA-256
- MD5
- IP Address
- FQDN
- CIDR Block
- CVE
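Because three of the actions above (Get Reputation, Blacklist, Add Exclusion) take a SHA-1 hash specifically while the operation as a whole accepts seven indicator types, a pre-dispatch check that classifies an indicator and confirms it is supported is a useful guard. The following is an added example, not code from the ThreatQ or SentinelOne integration; the regular expressions are this example's own assumptions about how each indicator type is written.

```python
import re

# Indicator types the SentinelOne Operation supports, per the overview above.
# The patterns are this example's assumptions, not the integration's own validation.
_HEX = r"^[0-9a-fA-F]{%d}$"
_PATTERNS = [
    ("MD5", re.compile(_HEX % 32)),
    ("SHA-1", re.compile(_HEX % 40)),
    ("SHA-256", re.compile(_HEX % 64)),
    ("CVE", re.compile(r"^CVE-\d{4}-\d{4,}$", re.IGNORECASE)),
    ("CIDR Block", re.compile(r"^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$")),
    ("IP Address", re.compile(r"^(\d{1,3}\.){3}\d{1,3}$")),
    ("FQDN", re.compile(
        r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$",
        re.IGNORECASE)),
]

# Actions the overview documents as operating on a SHA-1 hash.
SHA1_ONLY_ACTIONS = ("Get Reputation", "Blacklist", "Add Exclusion")


def _valid_ipv4(addr):
    """Reject dotted quads whose octets fall outside 0-255 (the regex alone allows 999)."""
    return all(0 <= int(octet) <= 255 for octet in addr.split("."))


def classify_indicator(value):
    """Return the supported indicator type for value, or None if the operation does not accept it."""
    v = value.strip()
    for name, pattern in _PATTERNS:
        if not pattern.match(v):
            continue
        if name == "IP Address" and not _valid_ipv4(v):
            return None
        if name == "CIDR Block":
            addr, prefix = v.split("/")
            if not _valid_ipv4(addr) or int(prefix) > 32:
                return None
        return name
    return None


def sha1_actions_apply(value):
    """True only when the SHA-1-specific actions can be run against value."""
    return classify_indicator(value) == "SHA-1"
```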