Rezonate
  • 🏠Home
  • 🚩Platform Tour
    • 🇻🇳Platform Dashboard
    • 🆔Identity Analytics
      • 🪪Identity Centric
      • 🔡Identity By Platform
    • ⚠️Risks & Threats
      • Highlighted ITDR Capabilities
  • ℹ️How-to Guides
    • ➕Adding Integrations
    • 🤦Manage Users
    • 🧑‍💼Customize Exposures
    • 👁️‍🗨️Querying & Filtering Data
  • 📐Core Integrations
    • Azure Integration
      • Required Privilegees
      • Update Certificate for Existing Installation
    • Okta Integration
      • Okta Integration -Remediation Supported
    • Google Workspace
      • 1-Click Integration
      • Legacy Integration
    • Google Cloud Integration
    • Zoom Integration
    • DocuSign Integration
    • GitHub Integration
      • GitHub Enterprise Expansion
    • AWS Integration
      • AWS - Required Privileges
      • Log Streaming Integration
    • Salesforce Integration
      • Salesforce - Collected Data & Query Volume
    • JAMF Pro Integration
    • CircleCI Integration
    • Auth0 Integration
    • Cloudflare Integration
    • CrowdStrike Integration
      • Integrating Permissions
    • Slack Integration
    • Workday Integration
    • BambooHR Integration
    • Snowflake Integration
    • LastPass Integration
    • SentinelOne integration
    • SAP Cloud Platform Integration
    • GitLab Integration
    • Oracle NetSuite Integration
    • Atlassian Cloud Integration
    • Zendesk Integration
    • HiBob Integration
    • Microsoft Defender Integration
    • Docusign Integration
    • Mongo Atlas Integration
    • Ping Identity One Integration
    • Generic HRIS Integration
  • 📍Notifications & Alerts
    • Slack Integration
    • HTTP Webhook Integration
      • Webhook Alert Example - Saved Search
      • Webhook Alert Example- ITDR
    • Microsoft Teams Integration
    • Torq Integration
    • Email Integration
    • Splunk Integration
    • Datadog Integration
    • PagerDuty Integration
    • Jira Integration
  • 🆘Troubleshooting & Support
    • Collectors IP Ranges
    • Data Processing
      • AWS
      • Azure Active Directory
      • Azure Cloud
      • Google Workspace
    • SSO Integrations
      • SSO Login - Okta
      • SSO Login - AzureAd
  • 📓Legal & Terms
Powered by GitBook
On this page
  • Create Integration In Rezonate
  • Create Webhook Destination in S1
  1. Core Integrations

SentinelOne integration

This document describes integrating the Rezonate product with SentinelOne, which provides observability to on-premise hosts, users, and detection data.

PreviousLastPass IntegrationNextSAP Cloud Platform Integration

Last updated 9 months ago

Create Integration In Rezonate

Get your Webhook authentication Rezonate, this can be done via the Integrations Interface or Prelude CLI. Save generate-webhook output to be used in the following steps. To generate the webhook:

  • Click on the settings button on the top right menu.

  • Click on the Integration panel in Rezonate and then "New Integration".

  • Select S1 Integration and click Connect.

  • Select a name for the new integration (it can be any name) and click Save.

  • Take note of the webhook URL, we will use it in the next step.

Create Webhook Destination in S1

  • Select Singularity XDR Webhook, and click Configure.

  • Click and expand the dropdown menu:

    • Select the box under Response Actions: Make "Hooks" available as "Manual Response Actions" from Threats

    • Select the Name for the configuration.

    • Select "Options for triggering" and Paste the webhook created in Step 1 to the URL field

    • Select POST in Action, and choose Full Threat Details in Webhook Request Body

    • Insert the following header into the Headers

      {"Content-Type": "application/json"}
    • Select Always Send body

    • Click Next

  • Select your organization and site in the Access Level

  • Click Install.

📐