Skip to main content
All CollectionsIntegrate Everything
SentinelOne
SentinelOne

Secure assets with SentinelOne's unified AI-driven platform and Torq's automated workflows.

Updated over 2 weeks ago

SentinelOne is an AI-powered security platform that can help you detect, prevent, and respond to advanced cyber threats.

Torq enables quick and easy integration with SentinelOne, so you can automate anything and everything within moments. Torq's public SentinelOne steps include:

  • Get notes for threat

  • Get exclusions

  • Update Firewall Control Rule

  • Create Custom Detection Rules

  • +51 more...

If you don't see a step you need, you can create your own in various ways, such as using the Send an HTTP Request step or Torq’s Step Builder, and share it across your organization.

To trigger a Torq workflow based on events sent from SentinelOne, look here.

To use SentinelOne steps in Torq workflows, look here.

Use SentinelOne to Trigger Workflows in Torq

Step One: Create a SentinelOne Trigger Integration in Torq

  1. Navigate to Integration: Go to Build > Integrations > Triggers > SentinelOne and click Add.

  2. Fill in the Details:

    1. Give the integration a unique and meaningful name.

    2. Under Authentication Headers click Add.

      1. Give the secret a name.

      2. Click Generate Random Secret.

  3. Finalize: Click Save.

Step Two: Create a SentinelOne Singularity Marketplace Webhook

  1. Go to SentinelOne: Log in to your Sentinel Management Console.

  2. Go to Singularity Marketplace: In the top toolbar, select Singularity Marketplace.

  3. Install a Webhook: Select the Singularity Webhook to open the webhook page in the catalog.

    1. Click Install to add a new configuration.

  4. Add a New Configuration:

    1. Response Actions: Toggle to Make Response Actions available as "Manual Response Actions" from Threats.

    2. Fill in the details for each threat response action:

      1. Name: Give the threat response action a unique and meaningful name.

      2. Description: Give a useful description.

      3. Automated Trigger Option Dropdown: Select which threats you want to be sent to the webhook.

      4. URL: Paste the endpoint URL from the SentinelOne integration you created in Torq from step one.

      5. Action Dropdown: Select POST.

      6. Webhook Request Body Dropdown: Select Full Threat Details.

  5. Finalize: Click Install.

Now that you've successfully created a SentinelOne trigger, you can build your first SentinelOne-initiated workflow!

In Torq, go to Build > Workflows > Create a Workflow > New Blank Workflow, and select the trigger type: Integrations > SentinelOne. Find your new trigger, and automate away!

Use SentinelOne Steps in Torq

Step One: Create a SentinelOne API Key

  1. Sign in to SentinelOne: Login to your SentinelOne portal with admin rights.

  2. Create a Token:

    1. Select the dropdown menu arrow next to your user name and select My User.

    1. Go to Actions > API Token Operations > Generate API Token.

  3. Save Token: Copy the API token and save it to use later in Torq.

  4. Finalize: Click Close.

Step Two: Create a SentinelOne Steps Integration in Torq

  1. Navigate to Integration: Go to Build > Integrations > Steps > SentinelOne and click Add.

  2. Fill in the Details:

    1. Give the integration a unique and meaningful name.

    2. In the API Key field, paste the SentinelOne API key that you created previously in step one.

    3. In the SentinelOne Management URL field, paste the section of the URL from your company's SentinelOne app (ex. usea1-partners.sentinelone.net).

  3. Finalize: Click Add.

Templates

Now that you've added your integrations, check out these specially crafted templates by Torq's security experts. Visit Torq's template library for more.

Related Articles
Armis
CrowdStrike
Orca Security
Enrich SentinelOne Threat Finding and Run Singularity XDR Search - Workflow Template
monday.com
Did this answer your question?