This Torq workflow template automates threat detection and analysis by integrating SentinelOne with VirusTotal and Recorded Future. As SentinelOne detects threats, the workflow queries VirusTotal and Recorded Future for verdicts on the flagged file hash and writes them into the threat's notes in SentinelOne. It then searches SentinelOne's Singularity XDR for other findings on the same file hash and appends the hit count and affected endpoints to the threat notes, giving analysts deeper context for triage and response.
Trigger
SentinelOne
Use Cases
Endpoint Detection and Response (EDR)
Workflow Breakdown
1. Receive an event from the Singularity webhook for each new threat in SentinelOne.
2. Query VirusTotal and Recorded Future to check for a verdict on the file hash.
3. Update the notes on the threat in SentinelOne with the enrichment results.
4. Run a query on Singularity XDR for other results for the same file hash.
5. Add the XDR hit count and endpoint findings to the note for the threat in SentinelOne.
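The enrichment logic of the five steps above, as an added example that is not Torq's template code or any vendor SDK: the webhook payload is a constructed sample, and the VirusTotal, Recorded Future and Singularity XDR lookups are assumed stand-in functions that a real workflow would replace with the vendor integrations. It validates the incoming hash, applies a worst-of verdict policy, counts XDR hits per endpoint and renders the note text.

```python
import re
from typing import Dict, List

# Constructed sample of the fields read from a SentinelOne threat webhook event;
# a real Singularity payload carries many more fields.
SAMPLE_EVENT = {"threat_id": "t-1001", "sha256": "a" * 64, "file": "dropper.exe"}

# Stand-ins for the VirusTotal and Recorded Future integrations (assumed
# interfaces, not vendor API calls): each returns "malicious", "clean" or "unknown".
def fake_virustotal(sha256: str) -> str:
    return {"a" * 64: "malicious"}.get(sha256, "unknown")

def fake_recorded_future(sha256: str) -> str:
    return {"a" * 64: "clean"}.get(sha256, "unknown")

# Stand-in for the Singularity XDR hash search: one dict per matching event.
def fake_xdr_search(sha256: str) -> List[dict]:
    if sha256 != "a" * 64:
        return []
    return [{"endpoint": "WS-01"}, {"endpoint": "WS-01"}, {"endpoint": "SRV-07"}]

SHA256_RE = re.compile(r"[0-9a-f]{64}")

def validate_event(event: dict) -> str:
    """Return the normalised SHA-256 from the event; reject malformed input."""
    sha = str(event.get("sha256", "")).lower()
    if not event.get("threat_id") or not SHA256_RE.fullmatch(sha):
        raise ValueError("event lacks threat_id or a valid sha256")
    return sha

def overall_verdict(verdicts: Dict[str, str]) -> str:
    """Worst-of policy: a single 'malicious' outweighs any number of 'clean'."""
    rank = {"unknown": 0, "clean": 1, "malicious": 2}
    return max(verdicts.values(), key=lambda v: rank.get(v, 0), default="unknown")

def enrich_threat(event: dict, vt=fake_virustotal, rf=fake_recorded_future,
                  xdr=fake_xdr_search) -> dict:
    """Steps 2-5: collect verdicts, query XDR, and build the note text."""
    sha = validate_event(event)
    verdicts = {"VirusTotal": vt(sha), "Recorded Future": rf(sha)}
    hits = xdr(sha)
    endpoints = sorted({h["endpoint"] for h in hits})  # distinct hosts seen
    lines = [f"Enrichment for SHA-256 {sha}",
             *(f"- {src}: {v}" for src, v in verdicts.items()),
             f"- Overall: {overall_verdict(verdicts)}",
             f"- Singularity XDR: {len(hits)} event(s) on {len(endpoints)} "
             f"endpoint(s): {', '.join(endpoints) or 'none'}"]
    return {"threat_id": event["threat_id"], "verdict": overall_verdict(verdicts),
            "xdr_count": len(hits), "endpoints": endpoints, "note": "\n".join(lines)}

if __name__ == "__main__":
    print(enrich_threat(SAMPLE_EVENT)["note"])
```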
Vendors
Utils, VirusTotal, SentinelOne, Recorded Future, Singularity XDR
Workflow Output
Updated Notes on the threat in SentinelOne