SentinelOne#
SentinelOne_DeepVisibility_DNSQuery#
Author: Joe Vasquez
License: AGPL-V3
Version: 1.0
Supported observables types:
- url
- domain
- fqdn
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description#
Query Sentinel One Deep Visibility API v2.1 for hosts that have requested DNS lookups for a domain/URL/FQDN.
Configuration#
| s1_console_url | Console URL |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| s1_api_key | API Key, don't forget this will expire! |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| s1_account_id | Account ID |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| hours_ago | Number of hours ago for the fromDate of the query. ToDate will be now. Default is 12. |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | number |
| The configuration item can contain multiple values | False |
| Is required | False |
Templates samples for TheHive#
No template samples to display.
Last update:
March 9, 2023 19:18:24