SentinelOne
SentinelOne_DeepVisibility_DNSQuery
Author: Joe Vasquez
License: AGPL-V3
Version: 1.0
Supported observable types:
- url
- domain
- fqdn
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description
Query the SentinelOne Deep Visibility API v2.1 for hosts that have requested DNS lookups for a domain/URL/FQDN.
Configuration
| s1_console_url | Console URL |
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |

| s1_api_key | API Key, don't forget this will expire! |
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |

| s1_account_id | Account ID |
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |

| hours_ago | Number of hours ago for the fromDate of the query. ToDate will be now. Default is 12. |
| Default value if not configured | N/A |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | False |
Template samples for TheHive
No template samples to display.