
Workflow Template: Poll for new SentinelOne Threats and Open a Torq Case

Automatically pull new SentinelOne alerts on a schedule, then create cases using the field mapping nested workflow.

Updated yesterday

The "Poll for new SentinelOne Threats and Open a Torq Case" workflow template is designed to streamline threat management by automatically retrieving new alerts from the SentinelOne API on a scheduled basis. It maps alert fields to a predefined case layout and creates a Torq case for each new alert, ensuring efficient case management and response. This workflow is ideal for organizations looking to enhance their incident response capabilities by integrating SentinelOne alerts into their case management system seamlessly.

Use Cases

Case Management

Workflow Breakdown

  1. Establish a checkpoint to mark accurate beginning and end times.

  2. Pull alerts from SentinelOne API on schedule.

  3. Map alert fields to a predefined case layout.

  4. Create a case for each new alert.
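The four steps above as one scheduled run, in an added Python sketch that is not Torq's or SentinelOne's own code. The alert field names, the case layout, and the `fetch_alerts`, `map_to_case` and `create_case` helpers are assumptions for illustration, and the sample alerts are constructed. It shows why the checkpoint only advances after every case is created: a failed run is retried over the same window without missing or duplicating alerts.

```python
from datetime import datetime

# Constructed sample alerts; field names are assumptions, not SentinelOne's schema.
SAMPLE_ALERTS = [
    {"id": "a1", "created": "2024-05-01T10:00:00+00:00",
     "name": "Constructed alert 1", "host": "host-01", "level": "high"},
    {"id": "a2", "created": "2024-05-01T10:05:00+00:00",
     "name": "Constructed alert 2", "host": "host-02", "level": "low"},
    {"id": "a3", "created": "2024-05-01T10:10:00+00:00",
     "name": "Constructed alert 3", "host": "host-01", "level": "medium"},
]

def fetch_alerts(source, start, end):
    """Stand-in for the scheduled API pull: alerts with start <= created < end."""
    return [a for a in source
            if start <= datetime.fromisoformat(a["created"]) < end]

def map_to_case(alert):
    """Map alert fields onto a hypothetical predefined case layout."""
    return {
        "title": f"{alert['name']} on {alert['host']}",
        "severity": alert["level"].upper(),
        "source_id": alert["id"],
        "detected_at": alert["created"],
    }

def poll_once(state, source, now, create_case):
    """One scheduled run. state holds 'checkpoint' (datetime) and 'seen' (set of ids).

    The window is half-open [checkpoint, now), so consecutive runs neither
    overlap nor leave a gap. The checkpoint moves only after every case in
    the window was created; if create_case raises, the next run repeats the
    window and 'seen' prevents duplicate cases.
    """
    start, end = state["checkpoint"], now
    created = []
    for alert in fetch_alerts(source, start, end):
        if alert["id"] in state["seen"]:
            continue  # case already opened by an earlier, partially failed run
        create_case(map_to_case(alert))
        state["seen"].add(alert["id"])
        created.append(alert["id"])
    state["checkpoint"] = end
    return created
```
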

Vendors

Utils, SentinelOne, Torq, Torq Cases

Workflow Output

create

Tips
