Skip to main content
All CollectionsTemplatesIntermediate
Create Exclusions on Multiple SentinelOne Sites - Workflow Template
Create Exclusions on Multiple SentinelOne Sites - Workflow Template

Creates Exclusions for a list of path, browser or filetype Items. Exclusions can be created in one site or in multiple sites.

Updated over 6 months ago

This Torq workflow template allows organizations to automate the creation of exclusions on multiple SentinelOne sites effectively. Designed for Endpoint Detection and Response (EDR) purposes, it ensures the selected paths, browsers, or file types are excluded from detection processes across specified active sites. It precludes duplication by verifying exclusions don't pre-exist, streamlining the management of exclusion rules and enhancing security infrastructure efficiency.

Take Me to the Template

Optional Triggers

"This workflow is intended to be used as a nested function."

Use Cases

Endpoint Detection and Response (EDR) ,Function

Workflow Breakdown

  1. Verifies each Site ID to be from valid and active Site.

  2. Verifies the Exclusion does not already exists.

  3. Creates an exclusion with the selected type.

Vendors

Utils, SentinelOne

Workflow Output

New Exceptions are created on Sentinel One Management

Related Articles
Whitelist SHA1 Hashes on Multiple SentinelOne Sites - Workflow Template
Enrich SentinelOne Threat Finding and Run Singularity XDR Search - Workflow Template
Download a File from a SentinelOne Threat ID - Workflow Template
Create Cases from SentinelOne Events found in Azure Sentinel - Workflow Template
Create Torq Cases from SentinelOne Threats Reported in Chronicle - Workflow Template
Did this answer your question?