Skip to main content
All CollectionsIntegrate Everything
SentinelOne
SentinelOne

Secure assets with SentinelOne's unified AI-driven platform and Torq's automated workflows.

Updated over a week ago

SentinelOne delivers autonomous security for endpoints, data centers, and cloud environments to help organizations secure their assets.

Use the SentinelOne integration to interact with core aspects directly from Torq workflows.

Create a SentinelOne Trigger Integration in Torq

  1. Go to Build > Integrations > Triggers > SentinelOne and click Add.

  2. Give the trigger a meaningful name. You will not be able to change this later.

  3. Under Authentication Headers click Add.

    1. Click Generate Random Secret and save the secret created.

  4. Click Add.

Create a SentinelOne API key

  1. Log in to your SentinelOne portal.

  2. In the upper-right corner, click the arrow next to your user name and select My User.

  3. Click Generate next to the API token.

  4. Download and copy the API key for later use.

Create a SentinelOne Steps Integration in Torq

To create the steps integration, you'll need your SentinelOne API key and the management URL

  1. Go to Build > Integrations > Steps > SentinelOne and click Add.

  2. Give the integration a meaningful name. This cannot be changed later.

  3. Enter the API key you created earlier.

  4. Enter your management URL without the https:// prefix. For example, <company-name>.sentineleone.net

  5. Click Add.

Premade Steps

  • Add note to threats

  • Broadcast message

  • Cancel deep visibility query

  • Connect to network

  • Create blacklist item

  • Create deep visibility query

  • Create exclusion

  • Create firewall control rule

  • Create hash exclusion

  • Delete blacklist item

  • Delete exclusion

  • Delete firewall rule by ID

  • Disconnect from network

  • Download file from activity

  • Execute remote script

  • Fetch file from agent

  • Fetch threat file

  • Get account policy

  • Get agents

  • Get blacklist items

  • Get deep visibility events

  • Get deep visibility query status

  • Get exclusions

  • Get firewall control protocols

  • Get firewall control rules

  • Get group policy

  • Get notes for threat

  • Get ranger table view

  • Get recent threats

  • Get remote script task status

  • Get script results URL

  • Get site

  • Get site policy

  • Get threats

  • Initiate scan

  • List activities

  • List activity types

  • List alerts

  • List remote scripts

  • List sites

  • Mitigate threats

  • Restart machine

  • Update alert analyst verdict

  • Update alert threat incident

  • Update blacklist item

  • Update firewall control rule

  • Update hash exclusion

  • Update threat incident

  • Upload logs

Related Articles
Armis
Elastic Security
Orca Security
Open a TheHive case triggered by SentinelOne findings - Workflow Template
Enrich SentinelOne Threat Finding and Run Singularity XDR Search - Workflow Template
Did this answer your question?