[Request] Document the get-file response action availability for SentinelOne hosts #5359

Closed
2 tasks done
paul-tavares opened this issue Jun 10, 2024 · 1 comment
Labels
Docset: ESS Issues that apply to docs in the Stack release Docset: Serverless Issues for Serverless Security Feature: Response actions also includes response console Team: EDR Workflows Formerly Defend Workflows, Onboarding and Lifecycle Management

Comments


paul-tavares commented Jun 10, 2024

Description

We are introducing the ability for users to do a get-file response action operation against SentinelOne hosts. The response action is very similar to the one already available for Endpoint, with the only significant difference being the passcode used to access the ZIP file with the file contents. For SentinelOne, that passcode is `Elastic@123`.

Background & resources

Which documentation set does this change impact?

ESS and serverless

ESS release

8.15

Serverless release

The week of June 24 (target)

Feature differences

The feature is identical in all environments

API docs impact

No changes to API docs. The `agent_type` of `sentinel_one` is now accepted for the get-file API.

Prerequisites, privileges, feature flags

  • A connector must be set up to SentinelOne
  • Env. is running Enterprise license (on ESS) or the Complete endpoint tier on serverless
  • User should have privileges in their role to perform file operations

Pull requests

  1. Docset: Serverless Feature: Response actions Team: EDR Workflows backport-skip ci:doc-build
    joepeeples
  2. Docset: ESS Feature: Response actions Team: EDR Workflows v8.15.0
    joepeeples
@joepeeples joepeeples self-assigned this Jun 10, 2024
@joepeeples joepeeples added Team: EDR Workflows Formerly Defend Workflows, Onboarding and Lifecycle Management Feature: Response actions also includes response console Docset: Serverless Issues for Serverless Security Docset: ESS Issues that apply to docs in the Stack release labels Jun 17, 2024

joepeeples commented Jul 3, 2024

Updated in both serverless and classic 8.15 docs, closing the issue.
