Download a File from a SentinelOne Threat ID - Workflow Template

Fetch a file from a SentinelOne Threat ID, encrypt it with the provided password, and return a link to download it.

Ensure prompt handling of cyber threats by utilizing the "Download a File from a SentinelOne Threat ID" workflow template in Torq. This essential procedure for Endpoint Detection and Response (EDR) streamlines the secure extraction of flagged files for investigation. It starts by configuring SentinelOne URLs, checks the validity of the threat ID, and ensures the agent is online. If the agent is offline, the workflow waits for a set duration for reconnection. Files are fetched from the online agent and securely stored within Torq, either privately or with a shareable link if required. This efficient process aids cybersecurity teams in promptly responding to and analyzing potential threats within their digital environments.

Optional Triggers

"This workflow is intended to be used as a Function"

Use Cases

Endpoint Detection and Response (EDR)

Workflow Breakdown

  1. Set up the SentinelOne URL in the Workflow Context to match your environment.

  2. Verify that the Threat ID is valid and the agent is online so the file can be downloaded.

  3. If the agent is not online, the workflow waits for a set period of time for the agent to become reachable.

  4. Fetch the file from the agent, and save it as a private or public file in Torq.

Vendors

Utils, SentinelOne

Workflow Output

The output contains the filename, hashes, and URL for the file as a private or public link.
