SentinelOne

Alert management can be performed automatically through a SentinelOne XDR Webhook that calls Prelude's API.

  1. Get your webhook authentication material from Prelude. This can be done via the Detect UI or the Prelude CLI. Save the generate-webhook output; it is used in the following steps. To generate the webhook:
  • Prelude CLI: prelude partner generate-webhook SENTINELONE
  • Detect UI: Navigate to the upper right corner and click on your username. Next, select "Integrations" and click "Settings" next to SentinelOne.
  2. Go to the SentinelOne Singularity Marketplace and search for Webhook:

  3. Click “Configure” and paste in your:
  • API - (from step 1) - https://api.us1.preludesecurity.com/partner/suppress/4/**account_number**

  • Secret - (from step 1) -

  • Description - sentinelone-webhook-auth

  • Headers:

    { "Accept": "application/json", "Content-Type": "application/json", "Token": "${Var1}" }
    
  • Custom Body Message:

    {"incidentStatus":"${activity.threatInfo.incidentStatus}",
     "threatId":"${activity.threatInfo.threatId}",
     "sha1":"${activity.threatInfo.sha1}",
     "threatName":"${activity.threatInfo.threatName}",
     "originatorProcess":"${activity.threatInfo.originatorProcess}"}

  4. Click Save and set your Scope of Access to the Account & Site ID for which you’ve enabled your Prelude partner integration.
  5. Install to your specified site.
  6. Done!
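As an added example (not part of Prelude's or SentinelOne's documentation), the following Python renders the Headers and Custom Body Message templates above against a constructed SentinelOne activity event, whose field layout is an assumption inferred from the ${activity.threatInfo.*} variables, and checks what you would want to confirm before enabling the integration: the Token header is bound to the secret, every body field resolves to a non-empty value, and the body stays valid JSON even when a threat name contains quotes.

```python
import json
import re

# Constructed sample of a SentinelOne activity event; the field layout is an
# assumption based on the ${activity.threatInfo.*} variables in the template.
SAMPLE_ACTIVITY = {"activity": {"threatInfo": {
    "incidentStatus": "resolved",
    "threatId": "1234567890",
    "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "threatName": "Prelude test",
    "originatorProcess": "powershell.exe",
}}}

# The Headers and Custom Body Message exactly as entered in the Marketplace form.
HEADERS_TEMPLATE = ('{ "Accept": "application/json", "Content-Type": "application/json", '
                    '"Token": "${Var1}" }')
BODY_TEMPLATE = ('{"incidentStatus":"${activity.threatInfo.incidentStatus}",'
                 '"threatId":"${activity.threatInfo.threatId}",'
                 '"sha1":"${activity.threatInfo.sha1}",'
                 '"threatName":"${activity.threatInfo.threatName}",'
                 '"originatorProcess":"${activity.threatInfo.originatorProcess}"}')
REQUIRED_BODY_KEYS = {"incidentStatus", "threatId", "sha1", "threatName", "originatorProcess"}
_VAR = re.compile(r"\$\{([^}]+)\}")


def resolve(path, context):
    """Walk a dotted path such as activity.threatInfo.threatId through nested dicts."""
    cur = context
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            raise ValueError(f"unresolved template variable: {path}")
        cur = cur[part]
    return cur


def render(template, context):
    """Substitute every ${...}; json.dumps escapes quotes so the result stays valid JSON."""
    return _VAR.sub(lambda m: json.dumps(str(resolve(m.group(1), context)))[1:-1], template)


def build_request(account_number, secret, event):
    """Return the URL, headers and body SentinelOne would POST to Prelude for `event`,
    refusing to produce a request with an empty Token header or empty body fields."""
    url = f"https://api.us1.preludesecurity.com/partner/suppress/4/{account_number}"
    headers = json.loads(render(HEADERS_TEMPLATE, {"Var1": secret}))
    body = json.loads(render(BODY_TEMPLATE, event))
    if not headers.get("Token"):
        raise ValueError("Token header is empty: Var1 is not bound to the webhook secret")
    empty = sorted(k for k in REQUIRED_BODY_KEYS if not body.get(k))
    if empty:
        raise ValueError(f"body fields resolved to empty values: {empty}")
    return {"url": url, "headers": headers, "body": body}
```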