Execute Response Actions with SentinelOne

Configure the action connector for SentinelOne.

In this guide, you'll configure the integration between SentinelOne and Radiant to automatically run containment and remediation actions after endpoint attacks.

Available actions

The following actions are available after you set up the SentinelOne action connector. Keep in mind, additional permissions are required.

Isolate devices
Release devices from isolation
Block files
Run full disk scan

To be able to add the action connector, you will need to provide Radiant Security with the following values, from the data connector onboarding:

API Base URL (console URL). For example: https://usea1-swprd1.sentinelone.net
API Token

If you haven't configured the SentinelOne data connectors yet, check out the SentinelOne Deep Visibility and SentinelOne Singularity Data Lake guides.

Add the action connector in Radiant Security

Log in to Radiant Security.
From the navigation menu, select Settings > Action Connectors and click + Add Connector.
Select SentinelOne from the menu and click Credentials.
Add the following values from the previous section:
- API Base URL (console URL). For example: https://usea1-swprd1.sentinelone.net
- API Token
Click Add Connector to save the connector configuration.

PreviousSentinelOne Deep Visibility: Set the API Key Expiry NextSentinelOne Singularity Data Lake

Last updated 1 day ago

Was this helpful?

Good evening

hashtagAdd the action connector in Radiant Security

Add the action connector in Radiant Security