Integrations
- Integrations
- 1Password
- Abnormal
- Absolute
- AbuseIPDB
- Acronis
- Active Directory On-Prem
- Adaptive Shield
- Adobe Cloud
- ADP
- Agari Phishing Response
- Airlock
- Airlock Digital
- Akamai Identity Cloud Social
- Alert Logic
- AlgoSec Firewall Analyzer
- Alienvault OTX
- Alienvault USM
- Anodot
- Ansible
- Anthropic
- Anvilogic
- Any Run
- Apex One
- ArcSight ESM
- Ardoq
- Area 1
- Armis Centrix
- Asana
- Asset Panda
- Astrix
- Atlassian Crowd
- Atlassian User Management
- Atlassian User Provisioning
- AuditBoard
- auth0
- Authentik
- Authomize
- Automox
- AWS
- AWS IAM Identity Center
- Axonius
- Azure
- Azure Data Explorer
- Azure DevOps
- Azure Log Analytics
- Azure Storage
- BambooHR
- Big Fix
- BigPanda
- Bitbucket
- Bitdefender
- Bitsight
- Bitwarden
- Black Duck
- Black Kite
- Blink
- BMC Remedy
- Box
- Brinqa
- Cato Networks
- Censys
- Chorus
- Cisco Advanced Phishing Protection
- Cisco Domain Protection
- Cisco Meraki
- Cisco Talos
- Cisco Umbrella
- Cisco Webex
- Claroty CTD
- Claroty xDome
- ClearPass
- ClickHouse
- ClickUp
- Cloud Custodian
- Cloudflare
- Cloudflare R2
- Cobalt.io
- Check Point Harmony
- Check Point Infinity Events
- Check Point Management
- Check Point XDR/XPR
- Checkmarx SAST
- Checkmarx One
- Chronicle
- Compass
- Confluence
- Confluence Data Center
- Coralogix
- Coralogix Incident Management
- Cortex XDR
- Cortex Xpanse
- Coupa Compass
- CredStash
- Cribl
- CrowdStrike
- CyberArk
- Cybersixgill
- CyCognito
- Cyera
- Cylance
- Cyware CTIX
- Darktrace
- Dasera
- Databricks
- Datadog
- DataSet
- Delighted
- Delinea
- Devo
- Digital-Shadows
- Discord
- Docusign
- Domo
- Drata
- Dropbox
- Dropbox Business
- druva
- Duo
- Duo Auth
- Dynatrace
- EasyVista
- EchoTrail
- Egnyte
- Egnyte Secure Govern
- Elasticsearch
- Entro
- Entrust Certificate Services
- Ermetic
- Exabeam
- Exchange Online
- Expel
- F5
- Falcon LogScale
- Falcon Surface
- Fastly
- Flare.io
- Forcepoint DLP
- Forescout
- FortiGate
- Freshservice
- GCP
- Gemini
- Ghostwriter
- Git
- GitHub
- GitLab
- Glean
- Gmail
- Google Calendar
- Google Chat
- Google Docs
- Google Drive
- Google Forms
- Google Looker
- Google Meet
- Google Sheets
- Google Workspace
- Grafana
- Greenhouse
- GreyNoise
- Grip Security
- GYTPOL
- HackerOne
- HackNotice
- Halo PSA
- Have I Been Pwned
- HiBob
- HubSpot
- Hunters
- Hybrid Analysis
- Hyperproof
- IBM CLoud
- IBM NS1 Connect
- IBM Security Verify
- IBM X Force
- Imperva
- Incident.io
- Infobip
- Infoblox Cloud Services Portal
- Intercom
- Intezer
- IP API
- IPinfo
- IPWHOIS
- Ironscales
- Ivanti RiskSense
- Jamf
- JetBrains
- JFrog
- Jira
- Jira Data Center
- Joe Sandbox
- JumpCloud
- Kandji
- Keeper Secrets Manager
- Kenna Security
- KnowBe4
- KnowBe4 Events
- Kubernetes
- Lacework
- LaunchDarkly
- LimaCharlie
- Linear
- Litmos
- Living Security
- LogicMonitor
- LogRhythm
- Manage Engine ServiceDesk Plus
- Mattermost
- Maven
- Microsoft Defender For Cloud
- Microsoft Defender For Cloud Apps
- Microsoft Defender For Endpoints
- Microsoft Defender XDR
- Microsoft E-Discovery
- Microsoft Entra ID
- Microsoft Excel
- Microsoft Graph
- Microsoft Intune
- Microsoft Office 365 Management Activity
- Microsoft Outlook
- Microsoft Purview
- Microsoft Sentinel
- Microsoft SQL Server
- Microsoft Teams
- Mimecast
- MISP
- Monday
- MongoDB Atlas
- MxToolbox
- Neo4j
- NetBox
- Netography
- Netskope
- New Relic
- Nexthink
- Nightfall AI
- NinjaOne
- Notion
- Nozomi Networks
- Nuclei
- Nucleus
- Nutanix Hypervisor
- Obsidian
- Okta
- OneDrive
- OneLogin
- OneTrust
- Oort
- OpenAI
- OpenCTI
- Opsgenie
- OPSWAT
- Oracle Cloud
- Oracle HCM
- Oracle NetSuite
- Oracle PeopleSoft
- Orca Security
- OWASP ZAP
- PagerDuty
- Palo Alto NGFW
- Palo Alto Firewall
- Panther
- Pentera
- Perception Point
- PhishLabs
- PhishLabs Incident Data
- PhishLabs Open Web Monitoring
- Pingdom
- PingID
- PingOne
- PlexTrac
- PortSwigger
- Postman
- Postman SCIM
- Power BI
- PowerShell
- Prisma Access
- Prisma Cloud
- Prisma Cloud CWP
- Prometheus
- Proofpoint
- Proofpoint ITM
- Proofpoint Protection Server
- Proofpoint Security Awareness Training
- Proofpoint TAP
- Proofpoint TRAP
- Pub-Sub
- QRadar
- Qualys
- Rapid7
- Rapid7 InsightIDR
- Rapid7 InsightVM Cloud
- Rapid7 Threat Command
- Reco
- Recorded Future
- Recorded Future Triage Cloud
- Red Hat IDM
- Rippling
- Rubrik
- runZero
- SafeBase
- SafeBreach
- Sage HR
- SailPoint
- SailPoint IdentityIQ
- Salesforce
- SAP Ariba
- Sap Concur
- ScienceLogic
- Securin
- Securin VI
- SecurityScorecard
- Securonix
- Seemplicity
- Sekoia.io
- SemGrep
- SentinelOne
- SentinelOne
- Actions
- Overview
- Abort Scan
- Add Threat To Exclusions
- Add To Block List
- Add To Blocklist Deep Visibility
- Ban Hash
- Broadcast Message To Users
- Create Deep Visibility Query
- Create Firewall Rule
- Create USB Device Control Rule
- Deep Visibility Query
- Delete Firewall Rules
- Delete User
- Disable Agent
- Download From Cloud
- Enable Agent
- Export Agents Data
- Export Events
- Export Mitigation Report
- Export Threat Timeline
- Export Threats
- Fetch Deep Visibility Query Results
- Get Account By ID
- Get Agents Count
- Get Alerts
- Get CVEs For Application
- Get Endpoint Tags
- Get Events
- Get Local Upgrade Agent Authorization
- Get Passphrases
- Get Threat Timeline
- Get Threats
- Initiate Scan
- Isolate Endpoint
- Lift Endpoint Isolation
- List Accounts
- List Activities
- List Activities Types
- List Agent Applications
- List Agents
- Mitigate Threats
- SentinelOne Custom Action
- Uninstall Agent
- Update Alert Analyst Verdict
- Update Incident Details Of An Alert
- Update Threat Analyst Verdict
- Update Threat External Ticket ID
- Update Threat Incident
- ServiceNow
- SharePoint
- Shodan
- Shopify
- Silverfort
- Slack
- Smartsheet
- Snipe IT
- Snowflake
- Snyk
- SolarWinds Information Service
- SolarWinds Service Desk
- SonarQube
- Sophos
- Split
- Splunk
- Splunk Observability
- Splunk SOAR
- Spur
- StrongDM
- Sumo Logic
- Symantec EDR
- Sysdig
- Tableau
- Tanium
- TeamCity
- TeamViewer
- Telegram
- Tempo
- Tenable
- Tenable Security Center
- Terraform
- Terraform Cloud
- Tessian
- TheHive
- Thinkst Canary
- Thomson Reuters
- ThreatQuotient
- Trellix Email Security
- Trello
- Trend Vision One
- Twilio
- UKG HR
- Uptycs
- URLScan
- Vault
- Veracode
- Verkada
- Vertica
- VMware vSphere
- VMware Carbon Black
- VirusTotal
- WeChat
- WhatsApp
- WhoIs
- WildFire
- Wiz
- Workday
- Workspace ONE UEM
- YesWeHack
- Zendesk
- Zero Networks
- Zoom
- Zscaler Internet Access
- Zscaler Private Access
Actions
Get Alerts
Get a list of alerts for a given scope.
Basic Parameters
| Parameter | Description |
|---|---|
| Alert IDs | Filter by a list of alert IDs. |
| Analyst Verdict | Filter alerts by an analyst verdict. Options: FALSE_POSITIVE SUSPICIOUS TRUE_POSITIVE UNDEFINED |
| Count Only | If true, only total number of items will be returned, without any of the actual objects. |
| Created After | Created after a specified timestamp. |
| Created Before | Created before a specified timestamp. |
| Cursor | Cursor position returned by the last request. Use to iterate over more than 1000 items. Example: “YWdlbnRfaWQ6NTgwMjkzODE=”. |
| Incident Status | Filter alerts by a incident status. Options: IN_PROGRESS RESOLVED UNRESOLVED |
| Limit | Limit number of returned items (1-1000). Example: 10. |
| Return All Pages | Automatically fetch all resources, page by page. |
| Sort By | The column to sort the results by. |
Advanced Parameters
| Parameter | Description |
|---|---|
| Account IDs | List of account IDs to filter by. Example: 225494730938493804,225494730938493915. |
Example Output
Copy
Ask AI
{
"data": [
{
"agentDetectionInfo": {
"accountId": "<string>",
"machineType": "<string>",
"name": "<string>",
"osFamily": "<string>",
"osName": "<string>",
"osRevision": "<string>",
"siteId": "<string>",
"uuid": "<string>",
"version": "<string>"
},
"agentRealtimeInfo": {
"id": "<string>",
"infected": false,
"isActive": false,
"isDecommissioned": true,
"machineType": "<string>",
"name": "<string>",
"os": "<string>",
"uuid": "<string>"
},
"alertInfo": {
"alertId": "<string>",
"analystVerdict": "<string>",
"createdAt": "2025-01-01T15:56:21.535999Z",
"dnsRequest": null,
"dnsResponse": null,
"dstIp": null,
"dstPort": null,
"dvEventId": "<string>",
"eventType": "<string>",
"hitType": "<string>",
"incidentStatus": "<string>",
"indicatorCategory": null,
"indicatorDescription": null,
"indicatorName": null,
"isEdr": true,
"loginAccountDomain": "<string>",
"loginAccountSid": "<string>",
"loginIsAdministratorEquivalent": "<string>",
"loginIsSuccessful": "<string>",
"loginType": "<string>",
"loginsUserName": "<string>",
"modulePath": null,
"moduleSha1": null,
"netEventDirection": null,
"registryKeyPath": null,
"registryOldValue": null,
"registryOldValueType": null,
"registryPath": null,
"registryValue": null,
"reportedAt": "2025-01-01T15:56:21.535999Z",
"source": "<string>",
"srcIp": null,
"srcMachineIp": "<string>",
"srcPort": null,
"tiIndicatorComparisonMethod": null,
"tiIndicatorSource": null,
"tiIndicatorType": null,
"tiIndicatorValue": null,
"updatedAt": "2025-01-01T15:56:21.535999Z",
},
"containerInfo": {
"id": null,
"image": null,
"labels": null,
"name": null
},
"kubernetesInfo": {
"cluster": null,
"controllerKind": null,
"controllerLabels": null,
"controllerName": null,
"namespace": null,
"namespaceLabels": null,
"node": null,
"pod": null,
"podLabels": null
},
"ruleInfo": {
"description": null,
"id": "<string>",
"name": "<string>",
"queryLang": "<string>",
"queryType": "<string>",
"s1ql": "<string>",
"scopeLevel": "<string>",
"severity": "<string>",
"treatAsThreat": "<string>"
},
"sourceParentProcessInfo": {
"commandline": "<string>",
"effectiveUser": null,
"fileHashMd5": "<string>",
"fileHashSha1": "<string>",
"fileHashSha256": "<string>",
"filePath": "<string>",
"fileSignerIdentity": "<string>",
"integrityLevel": "<string>",
"loginUser": null,
"name": "<string>",
"pid": "<string>",
"pidStarttime": "2025-04-17T01:15:48.111000Z",
"realUser": null,
"storyline": "<string>",
"subsystem": "<string>",
"uniqueId": "<string>",
"user": "<string>"
},
"sourceProcessInfo": {
"commandline": "<string>",
"effectiveUser": null,
"fileHashMd5": "<string>",
"fileHashSha1": "<string>",
"fileHashSha256": "<string>",
"filePath": "<string>",
"fileSignerIdentity": "<string>",
"integrityLevel": "<string>",
"loginUser": null,
"name": "<string>",
"pid": "<string>",
"pidStarttime": "2025-04-17T01:15:48.111000Z",
"realUser": null,
"storyline": "<string>",
"subsystem": "<string>",
"uniqueId": "<string>",
"user": "<string>"
},
"targetProcessInfo": {
"tgtFileCreatedAt": "2025-01-01T15:56:21.535999Z",
"tgtFileHashSha1": null,
"tgtFileHashSha256": null,
"tgtFileId": null,
"tgtFileIsSigned": "<string>",
"tgtFileModifiedAt": "2025-01-01T15:56:21.535999Z",
"tgtFileOldPath": null,
"tgtFilePath": null,
"tgtProcCmdLine": null,
"tgtProcImagePath": null,
"tgtProcIntegrityLevel": "<string>",
"tgtProcName": null,
"tgtProcPid": null,
"tgtProcSignedStatus": null,
"tgtProcStorylineId": null,
"tgtProcUid": null,
"tgtProcessStartTime": "2025-04-17T01:15:48.111000Z"
}
},
{
"agentDetectionInfo": {
"accountId": "<string>",
"machineType": "<string>",
"name": "<string>",
"osFamily": "<string>",
"osName": "<string>",
"osRevision": "<string>",
"siteId": "<string>",
"uuid": "<string>",
"version": "<string>"
},
"agentRealtimeInfo": {
"id": "<string>",
"infected": false,
"isActive": false,
"isDecommissioned": true,
"machineType": "<string>",
"name": "<string>",
"os": "<string>",
"uuid": "<string>"
},
"alertInfo": {
"alertId": "<string>",
"analystVerdict": "<string>",
"createdAt": "2025-01-01T15:56:21.535999Z",
"dnsRequest": null,
"dnsResponse": null,
"dstIp": null,
"dstPort": null,
"dvEventId": "<string>",
"eventType": "<string>",
"hitType": "<string>",
"incidentStatus": "<string>",
"indicatorCategory": null,
"indicatorDescription": null,
"indicatorName": null,
"isEdr": true,
"loginAccountDomain": "<string>",
"loginAccountSid": "<string>",
"loginIsAdministratorEquivalent": "<string>",
"loginIsSuccessful": "<string>",
"loginType": "<string>",
"loginsUserName": "<string>",
"modulePath": null,
"moduleSha1": null,
"netEventDirection": null,
"registryKeyPath": null,
"registryOldValue": null,
"registryOldValueType": null,
"registryPath": null,
"registryValue": null,
"reportedAt": "2025-01-01T15:56:21.535999Z",
"source": "<string>",
"srcIp": null,
"srcMachineIp": null,
"srcPort": null,
"tiIndicatorComparisonMethod": null,
"tiIndicatorSource": null,
"tiIndicatorType": null,
"tiIndicatorValue": null,
"updatedAt": "2025-01-01T15:56:21.535999Z",
},
"containerInfo": {
"id": null,
"image": null,
"labels": null,
"name": null
},
"kubernetesInfo": {
"cluster": null,
"controllerKind": null,
"controllerLabels": null,
"controllerName": null,
"namespace": null,
"namespaceLabels": null,
"node": null,
"pod": null,
"podLabels": null
},
"ruleInfo": {
"description": null,
"id": "<string>",
"name": "<string>",
"queryLang": "<string>",
"queryType": "<string>",
"s1ql": "<string>",
"scopeLevel": "<string>",
"severity": "<string>",
"treatAsThreat": "<string>"
},
"sourceParentProcessInfo": {
"commandline": "<string>",
"effectiveUser": null,
"fileHashMd5": "<string>",
"fileHashSha1": "<string>",
"fileHashSha256": "<string>",
"filePath": "<string>",
"fileSignerIdentity": "<string>",
"integrityLevel": "<string>",
"loginUser": null,
"name": "<string>",
"pid": "<string>",
"pidStarttime": "2025-04-17T01:15:48.111000Z",
"realUser": null,
"storyline": "<string>",
"subsystem": "<string>",
"uniqueId": "<string>",
"user": "<string>"
},
"sourceProcessInfo": {
"commandline": "<string>",
"effectiveUser": null,
"fileHashMd5": "<string>",
"fileHashSha1": "<string>",
"fileHashSha256": "<string>",
"filePath": "<string>",
"fileSignerIdentity": "<string>",
"integrityLevel": "<string>",
"loginUser": null,
"name": "<string>",
"pid": "<string>",
"pidStarttime": "2025-04-17T01:15:48.111000Z",
"realUser": null,
"storyline": "<string>",
"subsystem": "<string>",
"uniqueId": "<string>",
"user": "<string>"
},
"targetProcessInfo": {
"tgtFileCreatedAt": "2025-01-01T15:56:21.535999Z",
"tgtFileHashSha1": null,
"tgtFileHashSha256": null,
"tgtFileId": null,
"tgtFileIsSigned": "<string>",
"tgtFileModifiedAt": "2025-01-01T15:56:21.535999Z",
"tgtFileOldPath": null,
"tgtFilePath": null,
"tgtProcCmdLine": null,
"tgtProcImagePath": null,
"tgtProcIntegrityLevel": "<string>",
"tgtProcName": null,
"tgtProcPid": null,
"tgtProcSignedStatus": null,
"tgtProcStorylineId": null,
"tgtProcUid": null,
"tgtProcessStartTime": "2025-04-17T01:15:48.111000Z"
}
}
],
"pagination": {
"nextCursor": null,
"totalItems": 23
}
}
Workflow Library Example
Get Alerts with Sentinelone and Send Results Via Email
Preview this Workflow on desktop
Was this page helpful?
Assistant
Responses are generated using AI and may contain mistakes.