Skip to content

SentinelOne#

SentinelOne_DeepVisibility_DNSQuery#

Author: Joe Vasquez
License: AGPL-V3
Version: 1.0
Supported observables types:
- url
- domain
- fqdn
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description#

Query Sentinel One Deep Visibility API v2.1 for hosts that have requested DNS lookups for a domain/URL/FQDN.

Configuration#

s1_console_url Console URL
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
s1_api_key API Key, don't forget this will expire!
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
s1_account_id Account ID
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
hours_ago Number of hours ago for the fromDate of the query. ToDate will be now. Default is 12.
Default value if not configured N/A
Type of the configuration item number
The configuration item can contain multiple values False
Is required False

Templates samples for TheHive#

No template samples to display.


Last update: October 21, 2022 15:12:21