About SentinelOne XDR
SentinelOne Singularity is an XDR platform that gives enterprises the visibility, analytics, and AI-driven automation they need to protect against known and unknown cyber threats.
Singularity XDR unifies AI-powered prevention (EPP), endpoint detection and response (EDR), container and cloud workload protection, and network attack surface management in a single, autonomous XDR platform.
Together, SIRP and SentinelOne give users a single interface for quicker detection, investigation, and response. SIRP's integration with SentinelOne Singularity XDR lets security teams execute 700+ response actions across different security products.
Supported Actions
SIRP’s SentinelOne XDR integration app allows you to execute the following actions:
| No. | Action | Description |
| --- | --- | --- |
| 1 | Add blacklist item | Add a hash to the blacklist in SentinelOne XDR |
| 2 | Add threat to blacklist | Add the hash of a detected threat to the blacklist in SentinelOne XDR |
| 3 | Broadcast message | Broadcast a message to agents through SentinelOne XDR |
| 4 | Connect agent to network | Reconnect a previously disconnected agent to the network in SentinelOne XDR |
| 5 | Disable agent | Disable an agent in SentinelOne XDR |
| 6 | Disconnect agent from network | Disconnect (network-isolate) an agent in SentinelOne XDR |
| 7 | Enable agent | Enable an agent in SentinelOne XDR |
| 8 | Get alerts | Get new alerts from SentinelOne XDR |
| 9 | Get agent applications | Get the applications installed on an agent from SentinelOne XDR |
| 10 | Get hash reputation | Get the reputation of a hash from SentinelOne XDR |
| 11 | Get threats | Get threats from SentinelOne XDR |
| 12 | Initiate scan | Initiate a scan on endpoints in SentinelOne XDR |
| 13 | Mark alert as false positive | Mark an alert as "false positive" in SentinelOne XDR |
| 14 | Mark alert as true positive | Mark an alert as "true positive" in SentinelOne XDR |
| 15 | Mark alert as undefined | Mark an alert as "undefined" in SentinelOne XDR |
| 16 | Mark alert incident status as in progress | Mark an alert's incident status as "in progress" in SentinelOne XDR |
| 17 | Mark alert incident status as resolved | Mark an alert's incident status as "resolved" in SentinelOne XDR |
| 18 | Mark alert incident status as unresolved | Mark an alert's incident status as "unresolved" in SentinelOne XDR |
| 19 | Mark threat as false positive | Mark a threat as "false positive" in SentinelOne XDR |
| 20 | Mark threat as suspicious | Mark a threat as "suspicious" in SentinelOne XDR |
| 21 | Mark threat as true positive | Mark a threat as "true positive" in SentinelOne XDR |
| 22 | Mark threat as undefined | Mark a threat as "undefined" in SentinelOne XDR |
| 23 | Mark threat incident status as in progress | Mark a threat's incident status as "in progress" in SentinelOne XDR |
| 24 | Mark threat incident status as resolved | Mark a threat's incident status as "resolved" in SentinelOne XDR |
| 25 | Mark threat incident status as unresolved | Mark a threat's incident status as "unresolved" in SentinelOne XDR |
| 26 | Validate sentinel item | Validate hashes in SentinelOne XDR |
Enable and Configure SentinelOne XDR
Create a new user on SentinelOne Instance
Log in to your SentinelOne Singularity XDR instance.
From the dashboard, open the Settings tab and go to Users.
Create a new user dedicated to the SIRP integration and enter the Full Name and Email of the user.
Assign a Role to this new user. The API token you generate next inherits this role's permissions, so choose a role that covers only the actions listed above rather than a full administrator role.
Generate API Token on SentinelOne Instance
Locate the API Token for the user and click Generate.
A new window opens showing the token. Copy and download the token from this box; you will need it to configure the SentinelOne XDR app within SIRP in the later steps. Treat the token as a credential: it carries the full rights of the user's role, so store it only in a secrets store or the SIRP configuration, and if it is lost or exposed, generate a new token for the user and update the SIRP configuration with it.
Enable the SentinelOne XDR in SIRP
First, log in to SIRP, then go to Apps from the left navigation bar.
Locate the app named SentinelOne XDR.
Enable the SentinelOne XDR app by clicking the toggle button under the Status column.
Once the app is enabled, click Configure to integrate SIRP with SentinelOne.
Add the following details and click Save:
Host: <URL of your SentinelOne management console>
Token: <API token generated and copied in the previous steps>
Account ID: <Account ID from your SentinelOne console; the actions above are scoped to this account>
Configuration Name: <a name of your choosing, for example to tell several SentinelOne tenants apart>
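Before saving the settings above it is worth checking that the Host, Token and Account ID actually work together and that the token's role can see the account. The following script is an added example, not code from SIRP or SentinelOne: it builds the same kind of requests the app issues (the "Authorization: ApiToken <token>" header, GET /web/api/v2.1/accounts, and the bodies behind "Mark threat as ..." and "Add blacklist item" from the table above, which correspond to POST /web/api/v2.1/threats/analyst-verdict and POST /web/api/v2.1/restrictions). The endpoint paths and body shapes are those of SentinelOne's Management API v2.1 as assumed here; confirm them against the API reference built into your console. The sample /accounts response is constructed so the check can be exercised offline.

```python
"""Preflight check for the SIRP <-> SentinelOne XDR app settings.

Added example, not SIRP or SentinelOne code. Endpoint paths, the ApiToken
header and body shapes are assumed from SentinelOne's Management API v2.1;
verify against your console's API reference. The sample response is constructed.
"""
import json
import os
import re
import urllib.error
import urllib.parse
import urllib.request

API_PREFIX = "/web/api/v2.1"
ANALYST_VERDICTS = {"true_positive", "false_positive", "suspicious", "undefined"}


def base_url(host: str) -> str:
    """Normalise the Host field to 'https://<console-hostname>'.
    Accepts a bare hostname or a full console URL (path dropped) and refuses
    anything that is not https, since the token travels in a request header."""
    host = host.strip()
    if "://" not in host:
        host = "https://" + host
    parts = urllib.parse.urlsplit(host)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"console must be an https URL, got {host!r}")
    return f"https://{parts.netloc}"


def auth_headers(token: str) -> dict:
    """SentinelOne authenticates API calls with the 'ApiToken' scheme."""
    token = token.strip()
    if not token:
        raise ValueError("empty API token")
    return {"Authorization": f"ApiToken {token}", "Content-Type": "application/json"}


def accounts_request(host: str, token: str) -> urllib.request.Request:
    """GET /accounts: a cheap call that proves the token works and lists the
    accounts it can see, which is how the configured Account ID is validated."""
    return urllib.request.Request(base_url(host) + API_PREFIX + "/accounts",
                                  headers=auth_headers(token))


def verdict_body(threat_ids, verdict: str) -> dict:
    """Body for the 'Mark threat as <verdict>' actions."""
    if verdict not in ANALYST_VERDICTS:
        raise ValueError(f"verdict must be one of {sorted(ANALYST_VERDICTS)}")
    if not threat_ids:
        raise ValueError("refusing to send a verdict with an empty id filter")
    return {"data": {"analystVerdict": verdict}, "filter": {"ids": list(threat_ids)}}


def blacklist_body(account_id: str, sha1: str, os_type: str, description: str) -> dict:
    """Body for 'Add blacklist item': a black_hash restriction scoped to one account.
    SentinelOne blacklist entries are SHA-1 hashes, so anything else is rejected early."""
    if not re.fullmatch(r"[0-9a-fA-F]{40}", sha1):
        raise ValueError("blacklist entries must be SHA-1 hashes (40 hex characters)")
    if os_type not in {"windows", "linux", "macos"}:
        raise ValueError("os_type must be windows, linux or macos")
    return {"data": {"type": "black_hash", "value": sha1.lower(),
                     "osType": os_type, "description": description},
            "filter": {"accountIds": [account_id]}}


def post_request(host: str, token: str, path: str, body: dict) -> urllib.request.Request:
    """Wrap a body into an authenticated POST to the given v2.1 path."""
    return urllib.request.Request(base_url(host) + API_PREFIX + path,
                                  data=json.dumps(body).encode(),
                                  headers=auth_headers(token), method="POST")


def check_account(response_body: bytes, account_id: str) -> dict:
    """Parse the /accounts response; raise on an API error body or an unknown Account ID."""
    doc = json.loads(response_body)
    if "errors" in doc:
        raise PermissionError("SentinelOne rejected the call: " + json.dumps(doc["errors"]))
    visible = {a["id"]: a.get("name", "") for a in doc.get("data", [])}
    if account_id not in visible:
        raise LookupError(f"Account ID {account_id!r} is not visible to this token; "
                          f"it sees {sorted(visible)}")
    return {"id": account_id, "name": visible[account_id]}


# Constructed sample response (not captured from a real tenant) for offline use.
SAMPLE_ACCOUNTS_RESPONSE = json.dumps({
    "data": [{"id": "1234567890123456789", "name": "Example Corp", "state": "active"}],
    "pagination": {"totalItems": 1},
}).encode()


def preflight(host: str, token: str, account_id: str, fetch=None) -> dict:
    """Validate Host, Token and Account ID together. 'fetch' maps a Request to
    response bytes; it defaults to a real HTTPS call and is injectable for tests."""
    if fetch is None:
        def fetch(req):
            try:
                return urllib.request.urlopen(req, timeout=15).read()
            except urllib.error.HTTPError as err:  # 401/403 still carry a JSON 'errors' body
                return err.read()
    return check_account(fetch(accounts_request(host, token)), account_id)


if __name__ == "__main__":
    # The token comes from the environment, never from the script: it carries
    # the full rights of the role assigned to the SIRP user.
    print(preflight(os.environ["S1_HOST"], os.environ["S1_TOKEN"], os.environ["S1_ACCOUNT_ID"]))
```

Run it with S1_HOST, S1_TOKEN and S1_ACCOUNT_ID set to the values you intend to enter in SIRP; a PermissionError means the token or its role is wrong, a LookupError means the Account ID is not one the token can see. The body builders refuse an empty id filter and non-SHA-1 hashes because a verdict or blacklist call with a malformed filter is the kind of action you do not want a playbook sending blind.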