Workflow Template: Run remote script on devices with SentinelOne Agent

This Function enables the builder to enhance the remediation and threat hunting features by executing remote scripts on devices.

The "Run remote script on devices with SentinelOne Agent" workflow template is designed to enhance threat hunting and remediation capabilities by executing scripts remotely on devices. This workflow allows users to submit scripts to multiple agents, retrieve execution results, and decode outputs efficiently. It is ideal for automating security tasks and improving response times in environments utilizing SentinelOne integrations.

Optional Triggers

This Workflow is intended to be used as a nested workflow.

Use Cases

Function, Threat Hunting

Workflow Breakdown

  1. Takes input parameters: arrays of Agent IDs, ScriptID, Script Description, Integration name, and Task Description.

  2. Submits the script to be executed on the list of agents_ids.

  3. Waits for the response and downloads the response archive.

  4. Decodes output from UTF-16LE to UTF-8.

Vendors

Scripting, Utils, HTTP, SentinelOne

Workflow Output

Returns command output, stderr, and stdout as base64.
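The decode step and the base64 output described above, as an added Python example that is not the template's own code. It assumes the response archive is a zip and that its members are named `stdout` and `stderr` (both assumptions; the page does not state the archive layout), and it uses a constructed sample archive. Skipping the UTF-16LE decode leaves NUL bytes between characters, which silently breaks string and regex matching in later hunting steps.

```python
import base64
import codecs
import io
import zipfile


def decode_utf16le(raw: bytes) -> str:
    """Decode UTF-16LE bytes to text, dropping a leading BOM if present."""
    if raw.startswith(codecs.BOM_UTF16_LE):
        raw = raw[len(codecs.BOM_UTF16_LE):]
    # errors="replace" keeps a truncated final code unit from aborting the run
    return raw.decode("utf-16-le", errors="replace")


def archive_to_base64(archive: bytes, names=("stdout", "stderr")) -> dict:
    """Return {name: base64(UTF-8 text)} for each expected archive member.

    Member names are hypothetical; a missing member yields an empty string.
    """
    out = {}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        # Match on the file name only, ignoring any directory prefix
        members = {i.filename.rsplit("/", 1)[-1]: i for i in zf.infolist()}
        for name in names:
            info = members.get(name)
            text = decode_utf16le(zf.read(info)) if info else ""
            out[name] = base64.b64encode(text.encode("utf-8")).decode("ascii")
    return out


def build_sample_archive() -> bytes:
    """Constructed sample: stdout with a BOM, stderr without one."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("result/stdout",
                    codecs.BOM_UTF16_LE + "hostname: WS-01\r\n".encode("utf-16-le"))
        zf.writestr("result/stderr",
                    "Zugriff verweigert ü\r\n".encode("utf-16-le"))
    return buf.getvalue()


if __name__ == "__main__":
    for name, b64 in archive_to_base64(build_sample_archive()).items():
        print(name, b64, repr(base64.b64decode(b64).decode("utf-8")))
```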