Skip to main content

Workflow Template: QuickAction - Run a RemoteScript on a device with SentinelOne

Execute a RemoteScript on a remote device as a response to a QuickAction button.

Updated today

The "QuickAction - Run a RemoteScript on a device with SentinelOne" workflow template streamlines endpoint management by allowing SOC analysts to execute remote scripts directly on devices under investigation. This tool enhances incident response by facilitating script selection, input parameter configuration, and execution on targeted agents, ensuring efficient threat eradication and network security remediation.

Take Me to the Template

Use Cases

Case Management , Endpoint Detection and Response (EDR) , Remediate Network Security Alerts , Threat Hunting

Workflow Breakdown

  1. Read available scripts from SentinelOne.

  2. Let the user select a script and add necessary input parameters.

  3. Submit the script to be executed only on the agent analyzed in the case.

  4. Wait for the response, download it, and decode it.

Vendors

Scripting, Utils, HTTP, SentinelOne, Torq Cases

Related Articles
Workflow Template: QuickAction - Run a command on a device with MS Defender Endpoint
Workflow Template: QuickAction - Connect or Disconnect a SentinelOne Agent
Workflow Template: QuickAction - Scan Device on SentinelOne
Workflow Template: QuickAction - Fetch a File from Device on SentinelOne
Workflow Template: Run remote script on devices with SentinelOne Agent
Did this answer your question?