SentinelOne integration
This document describes integrating the Rezonate product with SentinelOne, which provides observability to on-premise hosts, users, and detection data.
Last updated
Get your webhook authentication from Rezonate; this can be done via the Integrations Interface or Prelude CLI. Save the generate-webhook output for use in the following steps. To generate the webhook:
Click on the settings button on the top right menu.
Click on the Integration panel in Rezonate and then "New Integration".
Select S1 Integration and click Connect.
Select a name for the new integration (it can be any name) and click Save.
Take note of the webhook URL; we will use it in the next step.
Select Singularity XDR Webhook, and click Configure.
Click and expand the dropdown menu:
Select the box under Response Actions: Make "Hooks" available as "Manual Response Actions" from Threats
Select the Name for the configuration.
Select "Options for triggering" and paste the webhook created in Step 1 into the URL field.
Select POST in Action, and choose Full Threat Details in Webhook Request Body
Insert the following header into the Headers
Select Always Send body
Click Next
Select your organization and site in the Access Level
Click Install.