
Workflow Template: Socrates Tool - Scan Device on SentinelOne

Enable Socrates to start a Full Disk Scan action on the device under investigation.

Updated this week

The "Socrates Tool - Scan Device on SentinelOne" workflow template is designed to streamline endpoint security by automating full disk scans on devices under investigation. This workflow is triggered when an Agent ID is provided, either directly by Socrates or retrieved from custom fields. It initiates a scan using SentinelOne, waits for a predefined period, and then checks the scan status. This process enhances threat detection and response capabilities, supporting case management and threat hunting activities.

Use Cases

Case Management, Endpoint Detection and Response (EDR), Threat Hunting

Workflow Breakdown

  1. This workflow is triggered by Socrates adding an Agent ID as a parameter.

  2. If Socrates does not provide an Agent ID, the workflow looks for the value in custom fields.

  3. Submits the Scan action to SentinelOne.

  4. Waits a predefined time before looking up the status of the scan.

Vendors

Utils, SentinelOne, Torq Cases
