
SentinelOne Incidents

Incident Response & Ticketing
SIEM & Analytics

Overview

SentinelOne delivers passive and active EDR security via AI-based threat detection and autonomous response. The OpenCTI SentinelOne Incidents connector ingests alert data from SentinelOne into the OpenCTI threat intelligence platform. This integration enables security teams to centralise and enrich incident data from SentinelOne, facilitating comprehensive threat analysis and response. This version of the connector creates the following objects for each SentinelOne Incident:

- An Incident carrying all pivotal information
- An Observable for the affected endpoint
- Attack Patterns corresponding to the MITRE attack patterns identified for the Incident
- Notes based on the actual notes recorded for the Incident
- Indicators for any hashes of malicious files
- An external reference to the Incident in SentinelOne, for cases where deeper analysis is required

Basic information

SentinelOne Incidents
Vendor Contact
External import
>= 6.5.1