This workflow template is designed to facilitate the secure retrieval of files from SentinelOne endpoints. Aimed at enhancing cybersecurity and incident response practices, the workflow checks the activity status of a SentinelOne agent via Agent ID. It then requests the agent to upload a specified file, securing it with a password if necessary. If the agent is inactive, the workflow will wait for a pre-set period until the agent is available. The final output includes a link to the downloaded file within Torq, along with file integrity hashes and the password, offering a streamlined solution for secure file acquisition from SentinelOne managed endpoints.
Optional Triggers
This workflow is intended to work as a nested workflow/function.
Use Cases
Function
Workflow Breakdown
Request the agent status by Agent ID.
Request the agent to upload a file to SentinelOne Management, given a file path and a password.
Download the file from SentinelOne Management and store it as a file in Torq.
If the agent is not active, the workflow waits for a period of time until the agent is able to upload the file.
Vendors
Utils, SentinelOne
Workflow Output
The output contains the URL of the file inside Torq as a private or shareable link, the file integrity hashes, and the password if it was generated by the workflow.
Tips
If no password is provided, one will be generated per file.
Customize the waiting and checking period using context variables.