
Poll for new SentinelOne Threats and Open a Torq Case - Workflow Template

Automatically pulls new SentinelOne alerts on a schedule, then creates cases with a field mapper.

Updated yesterday

This workflow template automates cyber threat case management by scheduling regular checks for new SentinelOne alerts and creating Torq cases for each alert. Upon pulling alerts via the SentinelOne API, relevant alert details are mapped to a predefined case structure to ensure consistent and organized case information. This solution enhances an organization's responsiveness to threats, streamlines processes within security operations, and ensures all relevant threat data is captured and actioned within Torq's case management framework.

Use Cases

Case Management

Workflow Breakdown

  1. Establish a checkpoint to mark accurate beginning and end times.

  2. Pull alerts from SentinelOne API on schedule.

  3. Map alert fields to a predefined case layout.

  4. Create a case for each new alert.
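The four steps above as one checkpointed poll, written as an added example that is not Torq's template or SentinelOne's code: the API call is replaced by an offline stand-in over constructed sample records, and the case layout and the `fetch_threats_since`/`poll_once` names are assumptions made for illustration.

```python
from datetime import datetime

# Constructed sample threat records, shaped like the `data` array returned by
# SentinelOne's GET /web/api/v2.1/threats (only the fields the mapper uses).
SAMPLE_THREATS = [
    {"id": "t-1001", "threatInfo": {"threatId": "t-1001", "threatName": "eicar.com",
     "classification": "Malware", "confidenceLevel": "malicious",
     "createdAt": "2024-05-01T10:00:00.000000Z"},
     "agentRealtimeInfo": {"agentComputerName": "wkstn-07"}},
    {"id": "t-1002", "threatInfo": {"threatId": "t-1002", "threatName": "susp.ps1",
     "classification": "PUA", "confidenceLevel": "suspicious",
     "createdAt": "2024-05-01T10:05:00.000000Z"},
     "agentRealtimeInfo": {"agentComputerName": "srv-02"}},
]

def parse_ts(s):
    """SentinelOne timestamps are ISO-8601 UTC with a trailing Z."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def fetch_threats_since(checkpoint):
    """Stand-in for the API call with createdAt__gt=<checkpoint>; offline it
    filters the constructed sample the same way that parameter would."""
    return [t for t in SAMPLE_THREATS
            if parse_ts(t["threatInfo"]["createdAt"]) > checkpoint]

def map_threat_to_case(t):
    """Field mapper: one threat record into a fixed case layout (assumed here)."""
    info, agent = t.get("threatInfo", {}), t.get("agentRealtimeInfo", {})
    return {
        "title": f"SentinelOne: {info.get('threatName', 'unnamed threat')}",
        "severity": info.get("confidenceLevel", "unknown"),
        "source_id": info.get("threatId") or t.get("id"),
        "host": agent.get("agentComputerName", ""),
        "created_at": info.get("createdAt"),
        "tags": ["sentinelone", info.get("classification", "unclassified").lower()],
    }

def poll_once(checkpoint, seen_ids, fetch=fetch_threats_since):
    """One scheduled run. Advances the checkpoint to the newest createdAt that
    was actually returned, never to 'now', so a slow or partial pull cannot
    leave a gap; seen_ids makes a replayed window idempotent."""
    cases, newest = [], checkpoint
    for t in fetch(checkpoint):
        tid = t["threatInfo"]["threatId"]
        if tid in seen_ids:
            continue          # a case was already opened for this threat
        seen_ids.add(tid)
        cases.append(map_threat_to_case(t))
        newest = max(newest, parse_ts(t["threatInfo"]["createdAt"]))
    return cases, newest
```

Persist both the returned checkpoint and the seen-id set between runs; an empty pull leaves the checkpoint where it was, which is the intended behaviour.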

Vendors

Utils, SentinelOne, Torq, Torq Cases

Workflow Output

create

Tips
