Skip to main content
All CollectionsTemplatesBasic
Enrich SentinelOne Threat Finding and Run Singularity XDR Search - Workflow Template
Enrich SentinelOne Threat Finding and Run Singularity XDR Search - Workflow Template

For each new threat detected by SentinelOne, query Threat Intelligence data from VirusTotal and RecordedFuture and add notes to the threat

Updated over 6 months ago

This Torq workflow template automates threat detection and analysis by integrating SentinelOne with VirusTotal and Recorded Future. As threats are detected by SentinelOne, the workflow makes additional queries to collate threat intelligence, enriching the incident notes in SentinelOne with verdicts from VirusTotal and RecordedFuture. It further searches SentinelOne's Singularity XDR for related file hash findings, appending this critical information to the threat notes, empowering triage and response with deeper context.

Take Me to the Template

Trigger

SentinelOne

Use Cases

Endpoint Detection and Response (EDR)

Workflow Breakdown

  1. Receive an event from the Singularity Webhook for each new threat in SentinelOne.

  2. Query VirusTotal and RecordedFuture to check for a verdict.

  3. Update the notes on the threat in SentinelOne with the enrichment results

  4. Run a query on Singularity XDR for other results for the same file hash

  5. Add XDR count and endpoint findings to the note for the threat in SentinelOne

Vendors

Utils, VirusTotal, SentinelOne, Recorded Future, Singularity XDR

Workflow Output

Updated Notes on the threat in SentinelOne

Related Articles
Enrich New Cybereason MalOps File Hash Detail - Workflow Template
Open a TheHive case triggered by SentinelOne findings - Workflow Template
Enrich SentinelOne Incident with Threat Intelligence from Intezer - Workflow Template
Threat Hunt for a Specified SHA1 Signature in SingularityXDR - Workflow Template
Create Torq Cases from SentinelOne Threats Reported in Chronicle - Workflow Template
Did this answer your question?