Actions
Mitigate Threats
Apply a mitigation action to a group of threats that match the filter. Your user role must have permissions to mitigate threats (Admin, IR Team, SOC). Only threats that you have permission to mitigate are counted as “affected” in the response field.
You must use one of the filters before executing the action.
Basic Parameters
Parameter | Description |
---|---|
Action | Choose the mitigation action to apply. |
Agents IDs | A list of agent IDs to filter by. |
Threats IDs | A list of threat IDs to filter by. |
Advanced Parameters
Parameter | Description |
---|---|
Account IDs | List of account IDs to filter by. |
Analyst Verdicts | Filter threats by an analyst verdict. Options: false_positive, suspicious, true_positive, undefined |
Incident Statuses | Filter threats by a specific incident status. Options: in_progress, resolved, unresolved |
Example Output
Workflow Library Example
Mitigate Threats with Sentinelone and Send Results Via Email