Skip to main content
All CollectionsTemplatesIntermediate
Download a File from a SentinelOne Endpoint - Workflow Template
Download a File from a SentinelOne Endpoint - Workflow Template

Downloads a file from a Sentinel One agent given an AgentID a file path and a password. File does not need to be part of an Incident.

Updated over a week ago

This workflow template is designed to facilitate the secure retrieval of files from SentinelOne endpoints. Aimed at enhancing cybersecurity and incident response practices, the workflow checks the activity status of a SentinelOne agent via Agent ID. It then requests the agent to upload a specified file, securing it with a password if necessary. If the agent is inactive, the workflow will wait for a pre-set period until the agent is available. The final output includes a link to the downloaded file within Torq, along with file integrity hashes and the password, offering a streamlined solution for secure file acquisition from SentinelOne managed endpoints.

Optional Triggers

"This workflow is intended to work as a nested workflow/function"

Use Cases

Function

Workflow Breakdown

  1. Request Agent status by AgentID

  2. Request the Agent to upload a file to SentinelOne Management given a file path and a password.

  3. Downloads the file from SentinelOne Management and stores it as a file in Torq

  4. If Agent is not active, workflow will wait a period of time until the agent is able to upload the file.

Vendors

Utils, SentinelOne

Workflow Output

Output contains the URL of the file inside Torq as a private or shareable link, file integrity hashes and the password if it was generated by the workflow.

Tips

If no password is provided, one will be generated per file.","Customize the waiting and checking period using context variables

Did this answer your question?