
QuickAction - Scan Device on SentinelOne - Workflow Template

Quickly start a Full Disk Scan on a device with the SentinelOne Agent using a single QuickAction button.

Updated this week

The "QuickAction - Scan Device on SentinelOne" workflow template streamlines endpoint security by enabling rapid initiation of a Full Disk Scan on devices using SentinelOne Agent. Designed for case management and threat hunting, this workflow triggers upon Quick Action execution, sending scan commands and updating case notes with results. Ideal for enhancing Endpoint Detection and Response (EDR) efficiency, it supports frameworks like MITRE and NIST.

Use Cases

Case Management, Endpoint Detection and Response (EDR), Threat Hunting

Workflow Breakdown

  1. Runs in response to a Quick Action execution.

  2. Sends a Full Disk Scan command to the SentinelOne Agent.

  3. Adds a Note to the Case with the result of the action.

Vendors

Utils, SentinelOne, Torq Cases

Workflow Output

Scan initiation status and timestamp.
