SentinelOne integration

This document describes how to integrate the Rezonate product with SentinelOne, which provides observability into on-premises hosts, users, and detection data.

Create Integration In Rezonate

Get your webhook authentication from Rezonate; this can be done via the Integrations Interface or the Prelude CLI. Save the generate-webhook output for use in the following steps. To generate the webhook:

  • Click on the settings button on the top right menu.

  • Click on the Integration panel in Rezonate and then "New Integration".

  • Select S1 Integration and click Connect.

  • Select a name for the new integration (it can be any name) and click Save.

  • Take note of the webhook URL; we will use it in the next step.

Create Webhook Destination in S1

  • Select Singularity XDR Webhook, and click Configure.

  • Click and expand the dropdown menu:

    • Select the box under Response Actions: Make "Hooks" available as "Manual Response Actions" from Threats

    • Select the Name for the configuration.

    • Select "Options for triggering" and paste the webhook created in Step 1 into the URL field

    • Select POST in Action, and choose Full Threat Details in Webhook Request Body

    • Insert the following header into Headers:

      {"Content-Type": "application/json"}

    • Select Always Send body

    • Click Next

  • Select your organization and site in the Access Level

  • Click Install.
