Sentinel One

Alert management can be performed automatically through a SentinelOne’s XDR Webhook with Prelude’s API.

1. Get your Webhook authentication material from Prelude, this can be done via the Detect UI or Prelude CLI. Save generate-webhook output to be used in the following steps. To generate the webhook:

• PreludeCLI: prelude partner generate-webhook SENTINELONE
• Detect UI: Navigate to upper right corner and click on your username. Next, select "Integrations" and click "Settings" next to SentinelOne.

2. Go the SentinelOne Singularity Martketplace and search for Webhook:

3. Click “Configure” and paste in your:

• API - (from step 1) - https://api.us1.preludesecurity.com/partner/suppress/4/**account_number**

• Secret - (from step 1) -

• Description - sentinelone-webhook-auth

• Headers:

  JSON

  { "Accept": "application/json", "Content-Type": "application/json", "Token": "${Var1}" }
  

• Custom Body Message:

• JSON

  {"incidentStatus":"${activity.threatInfo.incidentStatus}",
   "threatId":"${activity.threatInfo.threatId}", 
   "sha1":"${activity.threatInfo.sha1}", 
   "threatName":"${activity.threatInfo.threatName}", 
   "originatorProcess":"${activity.threatInfo.originatorProcess}"}
  
  

4. Click Save and set your Scope of Access to your Account & Site ID for which you’ve enabled your Prelude Partner integration.
5. Install to your specified site.
6. Done!