Skip to main content
All CollectionsIntegrate Everything
SentinelOne
SentinelOne

Secure assets with SentinelOne's unified AI-driven platform and Torq's automated workflows.

Updated over a week ago

SentinelOne delivers autonomous security for endpoints, data centers, and cloud environments to help organizations secure their assets.

Use the SentinelOne integration to interact with core aspects directly from Torq workflows. SentinelOne steps within Torq include:

  • Add Note to Threats

  • Broadcast Message

  • Cancel Deep Visibility Query

  • Connect to Network

  • Create Blacklist Item

  • Create Custom Detection Rules

  • Create Deep Visibility Power Query

  • Create Exclusion

  • Delete Blacklist Item

  • Get Agents

  • +45 more...

Look here if you want to trigger a workflow based on events sent from SentinelOne.

Look here if you want to use SentinelOne steps in a workflow.

Trigger a Torq Workflow from SentinelOne Events

Create a SentinelOne Trigger Integration in Torq

  1. Go to Build > Integrations > Triggers > SentinelOne and click Add.

  2. Give the trigger a meaningful and unique name.

    1. You will not be able to change this later.

  3. Under Authentication Headers click Add.

    1. Click Generate Random Secret and save the secret created.

  4. Click Add.

Create a SentinelOne Singularity Marketplace App

  1. In SentinelOne, log in to your Management Console and click Singularity Marketplace.

  2. Search for Singularity Webhook and click Install.

  3. Fill out the relevant details:

    1. Toggle the Response Actions to Make Response Actions available as "Manual Response Actions" from Threats.

    2. Give the threat response action a unique and meaningful name, such as Torq Webhook.

    3. Give the threat response action a meaningful description such as Send response to Torq.

    4. Under the Automated Trigger Option, select which threats you want to be sent to the webhook.

    5. In the URL parameter, paste the webhook generated earlier in Torq.

    6. Under Action, select POST.

    7. In the Webhook Request Body parameter, select Full Threat Details.

  4. Click Next and select the access level for the app: Global, Account, or Site.

  5. Click Install.

Use SentinelOne Steps in a Torq Workflow

Create a SentinelOne API Key

  1. Log in to your SentinelOne portal.

  2. In the upper-right corner, click the arrow next to your user name and select My User.

  3. Click Generate next to the API token.

  4. Download and copy the API key for later use.

Create a SentinelOne Steps Integration in Torq

  1. Go to Build > Integrations > Steps > SentinelOne and click Add.

  2. Give the integration a meaningful name. This cannot be changed later.

  3. Enter the API key you created earlier.

  4. Enter your management URL without the https:// prefix. For example, <company-name>.sentineleone.net

  5. Click Add.

Related Articles
Elastic Security
Orca Security
Enrich SentinelOne Threat Finding and Run Singularity XDR Search - Workflow Template
Create Torq Cases from SentinelOne Threats Reported in Chronicle - Workflow Template
monday.com
Did this answer your question?