Sentinel One
Alert management can be performed automatically through a SentinelOne’s XDR Webhook with Prelude’s API.
- Get your Webhook authentication material from Prelude, this can be done via the Detect UI or Prelude CLI. Save generate-webhook output to be used in the following steps. To generate the webhook:
- PreludeCLI:
prelude partner generate-webhook SENTINELONE
- Detect UI: Navigate to upper right corner and click on your username. Next, select "Integrations" and click "Settings" next to SentinelOne.
- Go the SentinelOne Singularity Martketplace and search for Webhook:
- Click “Configure” and paste in your:
-
API - (from step 1) - https://api.us1.preludesecurity.com/partner/suppress/4/**account_number**
-
Secret - (from step 1) -
-
Description - sentinelone-webhook-auth
-
Headers:
{ "Accept": "application/json", "Content-Type": "application/json", "Token": "${Var1}" }
-
Custom Body Message:
-
{"incidentStatus":"${activity.threatInfo.incidentStatus}", "threatId":"${activity.threatInfo.threatId}", "sha1":"${activity.threatInfo.sha1}", "threatName":"${activity.threatInfo.threatName}", "originatorProcess":"${activity.threatInfo.originatorProcess}"}
- Click Save and set your Scope of Access to your Account & Site ID for which you’ve enabled your Prelude Partner integration.
- Install to your specified site.
- Done!
Updated 11 months ago