CLOUD CONNECTOR

SentinelOne

SentinelOne is an endpoint security platform that combines endpoint detection with three layers of protection: pre-execution (static AI), on-execution (behavioral AI), and post-execution (EDR).

Securonix integrates with the SentinelOne API to ingest detected threat events and correlate them with events from the rest of the enterprise security infrastructure. The goal is to identify major threats, contain endpoint threat events before they spread across the enterprise, and enable fast SOC response.

Module: Threats
Major API commands / log / event types: Auto Complete, Add to Blacklist (Deep Visibility), Get Timeline Categories, Create Slim Threat (Minimal Information), Create Deep Visibility Threat, Disconnect Agents, Mark as Threat (Deep Visibility), Free-Text Filters, Get Threat Available Actions, Connect Agents, Count By Filters, Disable Engines, Threat Summary, Update Threat External Ticket ID, Add to Exclusions, Add to Blacklist, Update Threat Analyst Verdict, Grouped Threats, Fetch Threat File, Update Threat Incident, Export Threats, Get Threats, Prefetch Events, Count Events by Type, Get Enriched Events, Get Timeline Events, Get Process Events, Get Tree, Export Events, Threat Appearances, Threat Analysis, Get Events, Export Threat Timeline, Export Mitigation Report, Mitigate Threats, Exclusion Options, Get Threat Timeline
Related threats: Malware, DLP, Account Compromise, Network-Based Threats, Insider Threat
Details: All threat events

Module: Activity
Major API commands / log / event types: Get Activity Types, Last Activity as Syslog Message, Get Activities
Related threats: Malware, DLP, Account Compromise, Network-Based Threats, Insider Threat
Details: All user activities
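The "Get Threats" ingestion the connector relies on is, in practice, an incremental poll: fetch threats created after a checkpoint, follow the cursor until the last page, flatten each threat into the fields a correlation rule keys on, and advance the checkpoint. The script below is an added example written for this page; it is not Securonix or SentinelOne code. Everything about the API it relies on is an assumption, not something this page states: the SentinelOne Management API v2.1 endpoint /web/api/v2.1/threats, the "Authorization: ApiToken <token>" header, the createdAt__gt / limit / cursor query parameters, a response shaped like {"data": [...], "pagination": {"nextCursor": ...}}, and the threatInfo / agentRealtimeInfo field names. The sample pages are constructed so the poller runs offline; http_fetch is the real transport you would swap in.

```python
"""Incremental SentinelOne threat poller with cursor pagination and SIEM normalization.
Added example, not Securonix/SentinelOne code. Assumed (not on the page): endpoint
/web/api/v2.1/threats, 'Authorization: ApiToken <token>', params createdAt__gt/limit/cursor,
body {"data": [...], "pagination": {"nextCursor": ...}}, and the field names in normalize()."""
import json
import urllib.parse
import urllib.request
from typing import Callable, Dict, Iterator, List, Tuple

THREATS_PATH = "/web/api/v2.1/threats"           # assumed endpoint
FetchFn = Callable[[str, Dict[str, str]], dict]   # (path, query params) -> parsed JSON body


def http_fetch(base_url: str, api_token: str) -> FetchFn:
    """Real transport: GET base_url+path with the API-token header (not exercised offline)."""
    def fetch(path: str, params: Dict[str, str]) -> dict:
        url = base_url.rstrip("/") + path + "?" + urllib.parse.urlencode(params)
        req = urllib.request.Request(url, headers={"Authorization": "ApiToken " + api_token})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch


def iter_threats(fetch: FetchFn, since: str, limit: int = 100) -> Iterator[dict]:
    """Yield every threat created strictly after `since` (ISO-8601), following nextCursor."""
    params = {"createdAt__gt": since, "limit": str(limit)}
    while True:
        body = fetch(THREATS_PATH, dict(params))
        yield from body.get("data", [])
        cursor = (body.get("pagination") or {}).get("nextCursor")
        if not cursor:
            return
        params["cursor"] = cursor  # same filters, next page


def severity(confidence, mitigation, verdict) -> str:
    """Triage rule: unmitigated malicious detections are high; benign/false positives are info."""
    if verdict == "false_positive" or mitigation == "marked_as_benign":
        return "info"
    if confidence == "malicious":
        return "high" if mitigation == "not_mitigated" else "medium"
    return "low" if confidence == "suspicious" else "unknown"


def normalize(threat: dict) -> dict:
    """Flatten one raw threat object into the fields a correlation rule keys on."""
    info = threat.get("threatInfo") or {}
    agent = threat.get("agentRealtimeInfo") or {}
    return {
        "event_time": info.get("createdAt"),
        "threat_id": info.get("threatId"),
        "host": agent.get("agentComputerName"),
        "user": info.get("processUser"),
        "file_path": info.get("filePath"),
        "sha1": info.get("sha1"),
        "confidence": info.get("confidenceLevel"),
        "mitigation_status": info.get("mitigationStatus"),
        "analyst_verdict": info.get("analystVerdict"),
        "severity": severity(info.get("confidenceLevel"), info.get("mitigationStatus"),
                             info.get("analystVerdict")),
    }


def poll_once(fetch: FetchFn, since: str) -> Tuple[List[dict], str]:
    """One collection cycle: normalized records plus the createdAt checkpoint for the next cycle."""
    records = [normalize(t) for t in iter_threats(fetch, since)]
    times = [r["event_time"] for r in records if r["event_time"]]
    return records, (max(times) if times else since)


# Constructed sample data standing in for the HTTP API: two pages, three threats.
def _threat(tid, created, host, user, path, sha1, conf, mit, verdict):
    return {"threatInfo": {"threatId": tid, "createdAt": created, "processUser": user,
                           "filePath": path, "sha1": sha1, "confidenceLevel": conf,
                           "mitigationStatus": mit, "analystVerdict": verdict},
            "agentRealtimeInfo": {"agentComputerName": host}}


SAMPLE_PAGES = [
    {"data": [_threat("1001", "2024-01-01T00:01:00.000000Z", "WS-042", "CORP\\alice",
                      "C:\\Users\\alice\\Downloads\\invoice.exe", "a" * 40,
                      "malicious", "not_mitigated", "undefined"),
              _threat("1002", "2024-01-01T00:02:00.000000Z", "WS-017", "CORP\\bob",
                      "C:\\Temp\\tool.exe", "b" * 40, "suspicious", "not_mitigated", "undefined")],
     "pagination": {"nextCursor": "page2", "totalItems": 3}},
    {"data": [_threat("1003", "2024-01-01T00:03:00.000000Z", "SRV-DB1", "NT AUTHORITY\\SYSTEM",
                      "C:\\Program Files\\Backup\\agent.exe", "c" * 40,
                      "malicious", "marked_as_benign", "false_positive")],
     "pagination": {"nextCursor": None, "totalItems": 3}},
]


def make_fake_fetch(pages: List[dict]) -> FetchFn:
    """Serve the constructed pages in cursor order, mimicking the real transport."""
    by_cursor = {None: pages[0]}
    for prev, nxt in zip(pages, pages[1:]):
        by_cursor[prev["pagination"]["nextCursor"]] = nxt

    def fetch(path: str, params: Dict[str, str]) -> dict:
        assert path == THREATS_PATH and "createdAt__gt" in params
        return by_cursor[params.get("cursor")]
    return fetch


if __name__ == "__main__":
    recs, checkpoint = poll_once(make_fake_fetch(SAMPLE_PAGES), "2024-01-01T00:00:00.000000Z")
    for r in recs:
        print(json.dumps(r))
    print("next createdAt__gt:", checkpoint)
```

Two operational points the code makes explicit: the cursor is only valid with the same filter parameters it was issued for, so the loop reuses `params` unchanged and only adds `cursor`; and the checkpoint is the newest `createdAt` seen, so the next cycle's strict `createdAt__gt` filter cannot replay the same page. If the poll interval is short relative to clock skew, overlap the window by a few seconds and deduplicate on `threat_id` rather than trusting the boundary exactly.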