Sentinel One

Alert management can be performed automatically through a SentinelOne’s XDR Webhook with Prelude’s API.

  1. Get your Webhook authentication material from Prelude, this can be done via the Detect UI or Prelude CLI. Save generate-webhook output to be used in the following steps. To generate the webhook:
  • PreludeCLI: prelude partner generate-webhook SENTINELONE
  • Detect UI: Navigate to upper right corner and click on your username. Next, select "Integrations" and click "Settings" next to SentinelOne.
  1. Go the SentinelOne Singularity Martketplace and search for Webhook:

  1. Click “Configure” and paste in your:
  • API - (from step 1) -**account_number**

  • Secret - (from step 1) -

  • Description - sentinelone-webhook-auth

  • Headers:

    { "Accept": "application/json", "Content-Type": "application/json", "Token": "${Var1}" }
  • Custom Body Message:

  • {"incidentStatus":"${activity.threatInfo.incidentStatus}",

  1. Click Save and set your Scope of Access to your Account & Site ID for which you’ve enabled your Prelude Partner integration.
  2. Install to your specified site.
  3. Done!