Enrich SentinelOne Threat Finding and Run Singularity XDR Search - Workflow Template

For each new threat detected by SentinelOne, query threat intelligence from VirusTotal and Recorded Future and add the results as notes on the threat.

Updated over 6 months ago

This Torq workflow template automates threat enrichment by integrating SentinelOne with VirusTotal and Recorded Future. Each time SentinelOne reports a new threat, the workflow queries both intelligence sources and writes their verdicts into the threat's notes in SentinelOne. It then searches SentinelOne's Singularity XDR for other sightings of the same file hash and appends the hit count and affected endpoints to the same note, giving analysts the context they need to triage and respond.

Trigger

SentinelOne

Use Cases

Endpoint Detection and Response (EDR)

Workflow Breakdown

  1. Receive an event from the Singularity Webhook for each new threat in SentinelOne.

  2. Query VirusTotal and Recorded Future for a verdict on the threat's file hash.

  3. Update the notes on the threat in SentinelOne with the enrichment results.

  4. Run a query on Singularity XDR for other sightings of the same file hash.

  5. Add the XDR hit count and endpoint findings to the note on the threat in SentinelOne.
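The note-building logic of steps 2 through 5, as an added Python example that is not part of the Torq template. The webhook event, the intel verdicts and the XDR rows are constructed inputs, and their field names are assumptions rather than any vendor's real schema; the point it adds is that a source which returns nothing is recorded as missing instead of being read as clean.

```python
# Added example (not the Torq template's code): compose the SentinelOne threat
# note from intel verdicts and Singularity XDR hash-search results.

# Constructed webhook event; field names are illustrative, not SentinelOne's schema.
EVENT = {"threat_id": "t-1001", "file_name": "update_helper.exe",
         "sha1": "<constructed-sha1-placeholder>", "endpoint": "LAPTOP-17"}

# Constructed verdicts. None models a source that returned no result (timeout, quota).
VERDICTS = {"VirusTotal": {"verdict": "malicious", "detail": "43/72 engines flag it"},
            "Recorded Future": None}

# Constructed Singularity XDR rows for the same hash (step 4).
XDR_ROWS = [
    {"endpoint": "LAPTOP-17", "path": r"C:\Users\a\update_helper.exe"},
    {"endpoint": "SRV-FILE01", "path": r"D:\share\update_helper.exe"},
    {"endpoint": "SRV-FILE01", "path": r"D:\share\tmp\update_helper.exe"},
    {"endpoint": "WS-204", "path": r"C:\Temp\update_helper.exe"},
]

SEVERITY = ("malicious", "suspicious", "clean")  # worst first


def overall_verdict(verdicts):
    """Worst-case roll-up across sources; no data at all yields 'unknown', never 'clean'."""
    labels = {v["verdict"] for v in verdicts.values() if v is not None}
    for level in SEVERITY:
        if level in labels:
            return level
    return "unknown"


def xdr_summary(rows, origin_endpoint):
    """Total hits for the hash plus the other endpoints it was seen on (step 5)."""
    others = sorted({r["endpoint"] for r in rows if r["endpoint"] != origin_endpoint})
    return len(rows), others


def build_note(event, verdicts, rows):
    """Render the text appended to the SentinelOne threat note (steps 3 and 5)."""
    lines = [f"Enrichment for {event['file_name']} (sha1 {event['sha1']})"]
    for source, v in verdicts.items():
        if v is None:
            lines.append(f"- {source}: no result (source unavailable)")
        else:
            lines.append(f"- {source}: {v['verdict']} ({v['detail']})")
    lines.append(f"- Overall: {overall_verdict(verdicts)}")
    count, others = xdr_summary(rows, event["endpoint"])
    lines.append(f"- Singularity XDR: {count} hit(s) for this hash; "
                 f"other endpoints: {', '.join(others) or 'none'}")
    return "\n".join(lines)
```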

Vendors

Utils, VirusTotal, SentinelOne, Recorded Future, Singularity XDR

Workflow Output

Updated Notes on the threat in SentinelOne
