From c91f4d9b0b762cee910a44b7343a259c1a43e65e Mon Sep 17 00:00:00 2001
From: rmurray-r7
Date: Wed, 8 Jan 2025 11:51:37 +0000
Subject: [PATCH] [SOAR-18473] SentinelOne 11.1.3 Release (fedRAMP) (#3014)

* [SOAR-18473] SentinelOne - fedRAMP, SDK bump and vuln (#3010)
* sentinelone - sdk and vuln
* fix schema
* SentinelOne validation checks (#3031)
* Fix issue with input validation
* Black formatting
* Check for whitespace and change version back to 11.1.3
* Fix help.md
---------
Co-authored-by: Conor <93926445+cmcnally-r7@users.noreply.github.com>
---
 plugins/sentinelone/.CHECKSUM | 8 +-
 plugins/sentinelone/Dockerfile | 2 +-
 plugins/sentinelone/bin/komand_sentinelone | 4 +-
 plugins/sentinelone/help.md | 17 +++--
 .../tasks/monitor_logs/schema.py | 4 +-
 .../komand_sentinelone/util/helper.py | 20 ++++-
 plugins/sentinelone/plugin.spec.yaml | 76 ++++++++++++++++++-
 plugins/sentinelone/setup.py | 4 +-
 8 files changed, 109 insertions(+), 26 deletions(-)
diff --git a/plugins/sentinelone/.CHECKSUM b/plugins/sentinelone/.CHECKSUM
index 1c6b28e0c2..9eb5741585 100644
--- a/plugins/sentinelone/.CHECKSUM
+++ b/plugins/sentinelone/.CHECKSUM
@@ -1,7 +1,7 @@
 {
- "spec": "dac00ac144819c2b6ce56c06dcb348b6",
- "manifest": "2f573b690ac68f509865a057c164c217",
- "setup": "5188937ffa1bab0ae8d41c9584a192e2",
+ "spec": "c6927728c4f69ccd4bfba73202f850ec",
+ "manifest": "3c7c9830c5936c4ffed6adbaaf12722e",
+ "setup": "98419c249e2910502c36eb5144487ce4",
 "schemas": [
 {
 "identifier": "activities_list/schema.py",
@@ -129,7 +129,7 @@
 },
 {
 "identifier": "monitor_logs/schema.py",
- "hash": "6ee7bc26267a2fd719aecccb08ec7f18"
+ "hash": "90852af2f999f070b9386c3f9cf6f953"
 },
 {
 "identifier": "get_threats/schema.py",
diff --git a/plugins/sentinelone/Dockerfile b/plugins/sentinelone/Dockerfile
index a8b07648cd..131a50764e 100755
--- a/plugins/sentinelone/Dockerfile
+++ b/plugins/sentinelone/Dockerfile
@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.1.0
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.2
 LABEL organization=rapid7
 LABEL sdk=python
diff --git a/plugins/sentinelone/bin/komand_sentinelone b/plugins/sentinelone/bin/komand_sentinelone
index 8a09964571..501c4b181c 100755
--- a/plugins/sentinelone/bin/komand_sentinelone
+++ b/plugins/sentinelone/bin/komand_sentinelone
@@ -6,8 +6,8 @@ from sys import argv
 Name = "SentinelOne"
 Vendor = "rapid7"
-Version = "11.1.2"
-Description = "The SentinelOne plugin allows you to manage and mitigate all your security operations through SentinelOne"
+Version = "11.1.3"
+Description = "[SentinelOne](https://www.sentinelone.com/) is a next-gen cybersecurity company focused on protecting the enterprise through the endpoint. The SentinelOne plugin allows you to manage and mitigate all your security operations through SentinelOne.This plugin utilizes the SentinelOne API, the documentation is located in the SentinelOne console"
 def main():
diff --git a/plugins/sentinelone/help.md b/plugins/sentinelone/help.md
index 2443f55ebc..65a6b1ad01 100644
--- a/plugins/sentinelone/help.md
+++ b/plugins/sentinelone/help.md
@@ -2,7 +2,7 @@
 [SentinelOne](https://www.sentinelone.com/) is a next-gen cybersecurity company focused on protecting the enterprise through the endpoint. The SentinelOne plugin allows you to manage and mitigate all your security operations through SentinelOne.
-This plugin utilizes the SentinelOne API, the documentation is located in the SentinelOne console.
+This plugin utilizes the SentinelOne API, the documentation is located in the SentinelOne console
 # Key Features
@@ -767,7 +767,7 @@ Example input: |Name|Type|Required|Description|Example| | :--- | :--- | :--- | :--- | :--- | |errors|[]object|False|Errors|[]| -|events|[]eventData|False|Response events data|[{"accountId": "1000000000000000000", "agentDomain": "WORKGROUP", "agentGroupId": "1000000000000000000", "agentId": "1000000000000000000", "agentInfected": True, "agentIp": "198.51.100.1", "agentIsActive": True, "agentIsDecommissioned": False, "agentMachineType": "laptop", "agentName": "Example Name", "agentNetworkStatus": "connected", "agentOs": "windows", "agentTimestamp": "2023-10-23T00:00:00.000Z", "agentUuid": "9de5069c5afe602b2ea0a04b66beb2c0", "createdAt": "2023-10-23T00:00:00.000Z", "endpointMachineType": "desktop", "endpointName": "Example Name", "endpointOs": "windows", "eventTime": "2023-10-23T00:00:00.000Z", "eventType": "Task Update", "id": "1000000000000000000", "isAgentVersionFullySupportedForPg": False, "isAgentVersionFullySupportedForPgMessage": "Example message", "lastActivatedAt": "2023-10-23T00:00:00.000Z", "objectType": "scheduled_task", "parentProcessUniqueKey": "ABCD1234", "pid": "1234", "processGroupId": "ABCD1234", "processIntegrityLevel": "INTEGRITY_LEVEL_UNKNOWN", "processStartTime": "2023-10-23T00:00:00.000Z", "processUniqueKey": "ABCD1234", "relatedToThreat": "False", "siteId": "1000000000000000000", "storyline": "ABCD1234", "taskName": "Example Name", "trueContext": "ABCD1234"}, {"accountId": "1000000000000000001", "agentDomain": "WORKGROUP", "agentGroupId": "1000000000000000001", "agentId": "1000000000000000001", "agentInfected": True, "agentIp": "198.51.100.1", "agentIsActive": True, "agentIsDecommissioned": False, "agentMachineType": "laptop", "agentName": "Example Name", "agentNetworkStatus": "connected", "agentOs": "windows", "agentTimestamp": "2023-10-23T00:00:00.000Z", "agentUuid": "9de5069c5afe602b2ea0a04b66beb2c0", "createdAt": "2023-10-23T00:00:00.000Z", "endpointMachineType": "desktop", "endpointName": "Example Name", "endpointOs": 
"windows", "eventTime": "2023-10-23T00:00:00.000Z", "eventType": "Task Update", "id": "1000000000000000001", "isAgentVersionFullySupportedForPg": False, "isAgentVersionFullySupportedForPgMessage": "Example message", "lastActivatedAt": "2023-10-23T00:00:00.000Z", "objectType": "scheduled_task", "parentProcessUniqueKey": "ABCD1234", "pid": "1234", "processGroupId": "ABCD1234", "processIntegrityLevel": "INTEGRITY_LEVEL_UNKNOWN", "processStartTime": "2023-10-23T00:00:00.000Z", "processUniqueKey": "ABCD1234", "relatedToThreat": "False", "siteId": "1000000000000000001", "storyline": "ABCD1234", "taskName": "Example Name", "trueContext": "ABCD1234"}]| +|events|[]eventData|False|Response events data|[{"accountId": "1000000000000000000", "agentDomain": "WORKGROUP", "agentGroupId": "1000000000000000000", "agentId": "1000000000000000000", "agentInfected": True, "agentIp": "198.51.100.1", "agentIsActive": True, "agentIsDecommissioned": False, "agentMachineType": "laptop", "agentName": "Example Name", "agentNetworkStatus": "connected", "agentOs": "windows", "agentTimestamp": "2023-10-23T00:00:00.000Z", "agentUuid": "9de5069c5afe602b2ea0a04b66beb2c0", "createdAt": "2023-10-23T00:00:00.000Z", "endpointMachineType": "desktop", "endpointName": "Example Name", "endpointOs": "windows", "eventTime": "2023-10-23T00:00:00.000Z", "eventType": "Task Update", "id": "1000000000000000000", "isAgentVersionFullySupportedForPg": False, "isAgentVersionFullySupportedForPgMessage": "Example message", "lastActivatedAt": "2023-10-23T00:00:00.000Z", "objectType": "scheduled_task", "parentProcessUniqueKey": "ABCD1234", "pid": "1234", "processGroupId": "ABCD1234", "processIntegrityLevel": "INTEGRITY_LEVEL_UNKNOWN", "processStartTime": "2023-10-23T00:00:00.000Z", "processUniqueKey": "ABCD1234", "relatedToThreat": "False", "siteId": "1000000000000000000", "storyline": "ABCD1234", "taskName": "Example Name", "trueContext": "ABCD1234"}, {"accountId": "1000000000000000001", "agentDomain": "WORKGROUP", 
"agentGroupId": "1000000000000000001", "agentId": "1000000000000000001", "agentInfected": True, "agentIp": "198.51.100.1", "agentIsActive": True, "agentIsDecommissioned": False, "agentMachineType": "laptop", "agentName": "Example Name", "agentNetworkStatus": "connected", "agentOs": "windows", "agentTimestamp": "2023-10-23T00:00:00.000Z", "agentUuid": "9de5069c5afe602b2ea0a04b66beb2c0", "createdAt": "2023-10-23T00:00:00.000Z", "endpointMachineType": "desktop", "endpointName": "Example Name", "endpointOs": "windows", "eventTime": "2023-10-23T00:00:00.000Z", "eventType": "Task Update", "id": "1000000000000000001", "isAgentVersionFullySupportedForPg": False, "isAgentVersionFullySupportedForPgMessage": "Example message", "lastActivatedAt": "2023-10-23T00:00:00.000Z", "objectType": "scheduled_task", "parentProcessUniqueKey": "ABCD1234", "pid": "1234", "processGroupId": "ABCD1234", "processIntegrityLevel": "INTEGRITY_LEVEL_UNKNOWN", "processStartTime": "2023-10-23T00:00:00.000Z", "processUniqueKey": "ABCD1234", "relatedToThreat": "False", "siteId": "1000000000000000001", "storyline": "ABCD1234", "taskName": "Example Name", "trueContext": "ABCD1234"}]| Example output: 
@@ -884,8 +884,8 @@ Example input: |Name|Type|Required|Description|Example| | :--- | :--- | :--- | :--- | :--- | |errors|[]object|False|Errors|[]| -|events|[]eventData|False|Response events data|[{"accountId": "1000000000000000000", "agentDomain": "WORKGROUP", "agentGroupId": "1000000000000000000", "agentId": "1000000000000000000", "agentInfected": true, "agentIp": "198.51.100.1", "agentIsActive": true, "agentIsDecommissioned": false, "agentMachineType": "laptop", "agentName": "Example Name", "agentNetworkStatus": "connected", "agentOs": "windows", "agentTimestamp": "2023-10-23T00:00:00.000Z", "agentUuid": "9de5069c5afe602b2ea0a04b66beb2c0", "createdAt": "2023-10-23T00:00:00.000Z", "endpointMachineType": "desktop", "endpointName": "Example Name", "endpointOs": "windows", "eventTime": "2023-10-23T00:00:00.000Z", "eventType": "Task Update", "id": "1000000000000000000", "isAgentVersionFullySupportedForPg": false, "isAgentVersionFullySupportedForPgMessage": "Example message", "lastActivatedAt": "2023-10-23T00:00:00.000Z", "objectType": "scheduled_task", "parentProcessUniqueKey": "ABCD1234", "pid": "1234", "processGroupId": "ABCD1234", "processIntegrityLevel": "INTEGRITY_LEVEL_UNKNOWN", "processStartTime": "2023-10-23T00:00:00.000Z", "processUniqueKey": "ABCD1234", "relatedToThreat": "False", "siteId": "1000000000000000000", "storyline": "ABCD1234", "taskName": "Example Name", "trueContext": "ABCD1234"}, {"accountId": "1000000000000000001", "agentDomain": "WORKGROUP", "agentGroupId": "1000000000000000001", "agentId": "1000000000000000001", "agentInfected": true, "agentIp": "198.51.100.1", "agentIsActive": true, "agentIsDecommissioned": false, "agentMachineType": "laptop", "agentName": "Example Name", "agentNetworkStatus": "connected", "agentOs": "windows", "agentTimestamp": "2023-10-23T00:00:00.000Z", "agentUuid": "9de5069c5afe602b2ea0a04b66beb2c0", "createdAt": "2023-10-23T00:00:00.000Z", "endpointMachineType": "desktop", "endpointName": "Example Name", "endpointOs": 
"windows", "eventTime": "2023-10-23T00:00:00.000Z", "eventType": "Task Update", "id": "1000000000000000001", "isAgentVersionFullySupportedForPg": false, "isAgentVersionFullySupportedForPgMessage": "Example message", "lastActivatedAt": "2023-10-23T00:00:00.000Z", "objectType": "scheduled_task", "parentProcessUniqueKey": "ABCD1234", "pid": "1234", "processGroupId": "ABCD1234", "processIntegrityLevel": "INTEGRITY_LEVEL_UNKNOWN", "processStartTime": "2023-10-23T00:00:00.000Z", "processUniqueKey": "ABCD1234", "relatedToThreat": "False", "siteId": "1000000000000000001", "storyline": "ABCD1234", "taskName": "Example Name", "trueContext": "ABCD1234"}]| - +|events|[]eventData|False|Response events data|[{"accountId": "1000000000000000000", "agentDomain": "WORKGROUP", "agentGroupId": "1000000000000000000", "agentId": "1000000000000000000", "agentInfected": True, "agentIp": "198.51.100.1", "agentIsActive": True, "agentIsDecommissioned": False, "agentMachineType": "laptop", "agentName": "Example Name", "agentNetworkStatus": "connected", "agentOs": "windows", "agentTimestamp": "2023-10-23T00:00:00.000Z", "agentUuid": "9de5069c5afe602b2ea0a04b66beb2c0", "createdAt": "2023-10-23T00:00:00.000Z", "endpointMachineType": "desktop", "endpointName": "Example Name", "endpointOs": "windows", "eventTime": "2023-10-23T00:00:00.000Z", "eventType": "Task Update", "id": "1000000000000000000", "isAgentVersionFullySupportedForPg": False, "isAgentVersionFullySupportedForPgMessage": "Example message", "lastActivatedAt": "2023-10-23T00:00:00.000Z", "objectType": "scheduled_task", "parentProcessUniqueKey": "ABCD1234", "pid": "1234", "processGroupId": "ABCD1234", "processIntegrityLevel": "INTEGRITY_LEVEL_UNKNOWN", "processStartTime": "2023-10-23T00:00:00.000Z", "processUniqueKey": "ABCD1234", "relatedToThreat": "False", "siteId": "1000000000000000000", "storyline": "ABCD1234", "taskName": "Example Name", "trueContext": "ABCD1234"}, {"accountId": "1000000000000000001", "agentDomain": "WORKGROUP", 
"agentGroupId": "1000000000000000001", "agentId": "1000000000000000001", "agentInfected": True, "agentIp": "198.51.100.1", "agentIsActive": True, "agentIsDecommissioned": False, "agentMachineType": "laptop", "agentName": "Example Name", "agentNetworkStatus": "connected", "agentOs": "windows", "agentTimestamp": "2023-10-23T00:00:00.000Z", "agentUuid": "9de5069c5afe602b2ea0a04b66beb2c0", "createdAt": "2023-10-23T00:00:00.000Z", "endpointMachineType": "desktop", "endpointName": "Example Name", "endpointOs": "windows", "eventTime": "2023-10-23T00:00:00.000Z", "eventType": "Task Update", "id": "1000000000000000001", "isAgentVersionFullySupportedForPg": False, "isAgentVersionFullySupportedForPgMessage": "Example message", "lastActivatedAt": "2023-10-23T00:00:00.000Z", "objectType": "scheduled_task", "parentProcessUniqueKey": "ABCD1234", "pid": "1234", "processGroupId": "ABCD1234", "processIntegrityLevel": "INTEGRITY_LEVEL_UNKNOWN", "processStartTime": "2023-10-23T00:00:00.000Z", "processUniqueKey": "ABCD1234", "relatedToThreat": "False", "siteId": "1000000000000000001", "storyline": "ABCD1234", "taskName": "Example Name", "trueContext": "ABCD1234"}]| + Example output: ``` 
@@ -1023,7 +1023,7 @@ This action is used to gets summary of all threats |Name|Type|Required|Description|Example| | :--- | :--- | :--- | :--- | :--- | -|data|[]threatData|False|Data|[{"agentOsType": "windows", "automaticallyResolved": False, "cloudVerdict": "black", "id": "1000000000000000000", "engines": ["reputation"], "fileContentHash": "3395856ce81f2b7382dee72602f798b642f14140", "fromCloud": False, "mitigationMode": "protect", "mitigationReport": {"quarantine": {"status": "success"}, "kill": {"status": "success"}}, "rank": 7, "siteName": "Example Site", "whiteningOptions": ["hash"], "agentComputerName": "vagrant-pc", "collectionId": "1000000000000000000", "createdAt": "2019-02-21T16:05:49.251201Z", "mitigationStatus": "active", "classificationSource": "Static", "resolved": True, "accountName": "Example Account", "fileVerificationType": "NotSigned", "siteId": "1000000000000000000", "fileIsExecutable": False, "fromScan": False, "agentNetworkStatus": "disconnecting", "createdDate": "2019-02-21T16:05:49.175000Z", "accountId": "1000000000000000000", "initiatedBy": "agentPolicy", "initiatedByDescription": "Agent Policy", "threatAgentVersion": "3.0.1.3", "username": "vagrant-pc\\\\vagrant", "agentVersion": "3.0.1.3", "classifierName": "STATIC", "fileExtensionType": "Executable", "agentDomain": "WORKGROUP", "fileIsSystem": False, "agentInfected": False, "isCertValid": False, "isInteractiveSession": False, "isPartialStory": False, "updatedAt": "2020-05-28T21:53:36.064425Z", "agentId": "1000000000000000000", "agentMachineType": "desktop", "classification": "Malware", "markedAsBenign": False, "threatName": "EICAR.com", "agentIsDecommissioned": True, "description": "malware detected - not mitigated yet (static engin...", "fileDisplayName": "EICAR.com", "agentIp": "198.51.100.1", "agentIsActive": False, "fileObjectId": "1234567890", "filePath": "\\\\Device\\\\HarddiskVolume2\\\\Users\\\\vagrant\\\\Desktop\\\\EICA...", "maliciousGroupId": "1234567890"}]| 
+|data|[]threatData|False|Data|[{"agentOsType": "windows", "automaticallyResolved": False, "cloudVerdict": "black", "id": "1000000000000000000", "engines": ["reputation"], "fileContentHash": "3395856ce81f2b7382dee72602f798b642f14140", "fromCloud": False, "mitigationMode": "protect", "mitigationReport": {"quarantine": {"status": "success"}, "kill": {"status": "success"}}, "rank": 7, "siteName": "Example Site", "whiteningOptions": ["hash"], "agentComputerName": "vagrant-pc", "collectionId": "1000000000000000000", "createdAt": "2019-02-21T16:05:49.251201Z", "mitigationStatus": "active", "classificationSource": "Static", "resolved": True, "accountName": "Example Account", "fileVerificationType": "NotSigned", "siteId": "1000000000000000000", "fileIsExecutable": False, "fromScan": False, "agentNetworkStatus": "disconnecting", "createdDate": "2019-02-21T16:05:49.175000Z", "accountId": "1000000000000000000", "initiatedBy": "agentPolicy", "initiatedByDescription": "Agent Policy", "threatAgentVersion": "3.0.1.3", "username": "vagrant-pc\\vagrant", "agentVersion": "3.0.1.3", "classifierName": "STATIC", "fileExtensionType": "Executable", "agentDomain": "WORKGROUP", "fileIsSystem": False, "agentInfected": False, "isCertValid": False, "isInteractiveSession": False, "isPartialStory": False, "updatedAt": "2020-05-28T21:53:36.064425Z", "agentId": "1000000000000000000", "agentMachineType": "desktop", "classification": "Malware", "markedAsBenign": False, "threatName": "EICAR.com", "agentIsDecommissioned": True, "description": "malware detected - not mitigated yet (static engin...", "fileDisplayName": "EICAR.com", "agentIp": "198.51.100.1", "agentIsActive": False, "fileObjectId": "1234567890", "filePath": "\\Device\\HarddiskVolume2\\Users\\vagrant\\Desktop\\EICA...", "maliciousGroupId": "1234567890"}]| |errors|[]object|False|Errors|[]| |pagination|pagination|False|Pagination|{'totalItems': 1}| 
@@ -1400,7 +1400,7 @@ Example input: |Name|Type|Required|Description|Example| | :--- | :--- | :--- | :--- | :--- | -|agents|[]agentData|False|Detailed information about agents found|[{"accountId": "100000000000000000", "accountName": "Example Name", "activeThreats": 0, "agentVersion": "1.0.2.3", "allowRemoteShell": False, "appsVulnerabilityStatus": "up_to_date", "computerName": "hostname123", "consoleMigrationStatus": "N/A", "coreCount": 1, "cpuCount": 1, "cpuId": "CPU A0 v1 @ 3.00GHz", "createdAt": "2023-01-01T00:00:00.000000Z", "domain": "WORKGROUP", "encryptedApplications": False, "externalIp": "198.51.100.1", "firewallEnabled": True, "groupId": "100000000000000000", "groupIp": "1.2.3.x", "groupName": "Example Group", "id": "100000000000000000", "inRemoteShellSession": False, "infected": False, "installerType": ".exe", "isActive": True, "isDecommissioned": False, "isPendingUninstall": False, "isUninstalled": False, "isUpToDate": True, "lastActiveDate": "2023-01-01T00:00:00.000000Z", "lastIpToMgmt": "198.51.100.1", "locationEnabled": True, "locationType": "fallback", "locations": [{"id": "100000000000000000", "name": "Fallback", "scope": "global"}], "machineType": "server", "mitigationMode": "protect", "mitigationModeSuspicious": "detect", "modelName": "Example Model", "networkInterfaces": [{"id": "100000000000000000", "inet": ["198.51.100.1"], "inet6": ["2001:db8:1:1:1:1:1:1"], "name": "Ethernet", "physical": "12-34-56-67-89-12"}], "networkQuarantineEnabled": False, "networkStatus": "disconnected", "operationalState": "na", "operationalStateExpiration": "None", "osArch": "64 bit", "osName": "System Name", "osRevision": "9200", "osStartTime": "2023-01-01T00:00:00Z", "osType": "windows", "osUsername": "None", "rangerStatus": "NotApplicable", "rangerVersion": "None", "registeredAt": "2023-01-01T00:00:00.000000Z", "remoteProfilingState": "disabled", "remoteProfilingStateExpiration": "None", "scanAbortedAt": "None", "scanFinishedAt": "2023-01-01T00:00:00.000000Z", 
"scanStartedAt": "2023-01-01T00:00:00.000000Z", "scanStatus": "finished", "siteId": "100000000000000000", "siteName": "Example Site", "threatRebootRequired": False, "totalMemory": 1023, "updatedAt": "2023-01-01T00:00:00.000000Z", "uuid": "9de5069c5afe602b2ea0a04b66beb2c0"}]| +|agents|[]agentData|False|Detailed information about agents found|[{"accountId": "100000000000000000", "accountName": "Example Name", "activeThreats": 0, "agentVersion": "1.0.2.3", "allowRemoteShell": False, "appsVulnerabilityStatus": "up_to_date", "computerName": "hostname123", "consoleMigrationStatus": "N/A", "coreCount": 1, "cpuCount": 1, "cpuId": "CPU A0 v1 @ 3.00GHz", "createdAt": "2023-01-01T00:00:00.000000Z", "domain": "WORKGROUP", "encryptedApplications": False, "externalIp": "198.51.100.1", "firewallEnabled": True, "groupId": "100000000000000000", "groupIp": "1.2.3.x", "groupName": "Example Group", "id": "100000000000000000", "inRemoteShellSession": False, "infected": False, "installerType": ".exe", "isActive": True, "isDecommissioned": False, "isPendingUninstall": False, "isUninstalled": False, "isUpToDate": True, "lastActiveDate": "2023-01-01T00:00:00.000000Z", "lastIpToMgmt": "198.51.100.1", "locationEnabled": True, "locationType": "fallback", "locations": [{"id": "100000000000000000", "name": "Fallback", "scope": "global"}], "machineType": "server", "mitigationMode": "protect", "mitigationModeSuspicious": "detect", "modelName": "Example Model", "networkInterfaces": [{"id": "100000000000000000", "inet": ["198.51.100.1"], "inet6": ["2001:db8:1:1:1:1:1:1"], "name": "Ethernet", "physical": "12-34-56-67-89-12"}], "networkQuarantineEnabled": False, "networkStatus": "disconnected", "operationalState": "na", "operationalStateExpiration": "None", "osArch": "64 bit", "osName": "System Name", "osRevision": "9200", "osStartTime": "2023-01-01T00:00:00Z", "osType": "windows", "osUsername": "None", "rangerStatus": "NotApplicable", "rangerVersion": "None", "registeredAt": 
"2023-01-01T00:00:00.000000Z", "remoteProfilingState": "disabled", "remoteProfilingStateExpiration": "None", "scanAbortedAt": "None", "scanFinishedAt": "2023-01-01T00:00:00.000000Z", "scanStartedAt": "2023-01-01T00:00:00.000000Z", "scanStatus": "finished", "siteId": "100000000000000000", "siteName": "Example Site", "threatRebootRequired": False, "totalMemory": 1023, "updatedAt": "2023-01-01T00:00:00.000000Z", "uuid": "9de5069c5afe602b2ea0a04b66beb2c0"}]| Example output: 
@@ -1729,7 +1729,7 @@ This task is used to monitor for new activities, device control events, and thre |Name|Type|Required|Description|Example| | :--- | :--- | :--- | :--- | :--- | -|logs|[]object|False|List of activity, device control event, and threat logs within the specified time range|[{"id": "225494730938493804", "userId": "225494730938493804", "data": {"computer_name": "COMP_1234", "username": "my_user"}, "secondaryDescription": "string", "threatId": "225494730938493804", "siteName": "string", "accountName": "string", "accountId": "225494730938493804", "updatedAt": "2018-02-27T04:49:26.257525Z", "agentUpdatedVersion": "2.5.1.1320", "groupId": "225494730938493804", "hash": "string", "description": "string", "activityUuid": "string", "comments": "string", "activityType": 0, "agentId": "225494730938493804", "osFamily": "windows", "siteId": "225494730938493804", "primaryDescription": "string", "groupName": "string", "createdAt": "2018-02-27T04:49:26.257525Z"}, {"eventType": "string", "accessPermission": "Read-Only", "deviceClass": "02h", "deviceName": "string", "id": "225494730938493804", "updatedAt": "2018-02-27T04:49:26.257525Z", "ruleId": "225494730938493804", "computerName": "JOHN-WIN-4125", "profileUuids": "string", "lastLoggedInUserName": "janedoe3", "deviceId": "02", "eventTime": "2018-02-27T04:49:26.257525Z", "serviceClass": "02", "interface": "USB", "agentId": "225494730938493804", "vendorId": "02", "uId": "02", "lmpVersion": "string", "eventId": "string", "createdAt": "2018-02-27T04:49:26.257525Z", "productId": "02", "minorClass": "string"}, {"mitigationStatus": [{"groupNotFound": False, "latestReport": "string", "mitigationStartedAt": "2018-02-27T04:49:26.257525Z", "action": "kill", "mitigationEndedAt": "2018-02-27T04:49:26.257525Z", "actionsCounters": {"total": 0, "success": 0, "notFound": 0, "failed": 0, "pendingReboot": 0}, "status": "success", "agentSupportsReport": False, "lastUpdate": "2018-02-27T04:49:26.257525Z", "reportId": 
"225494730938493804"}], "ecsInfo": {"taskAvailabilityZone": "string", "serviceArn": "string", "taskDefinitionArn": "string", "clusterName": "string", "taskDefinitionFamily": "string", "serviceName": "string", "version": "string", "taskDefinitionRevision": "string", "type": "string", "taskArn": "string"}, "agentDetectionInfo": {"agentIpV6": "string", "agentMitigationMode": "detect", "agentOsRevision": "string", "agentIpV4": "string", "agentLastLoggedInUpn": "string", "agentRegisteredAt": "2018-02-27T04:49:26.257525Z", "agentLastLoggedInUserName": "janedoe3", "accountId": "225494730938493804", "siteId": "225494730938493804", "agentLastLoggedInUserMail": "string", "groupName": "string", "agentOsName": "string", "siteName": "string", "agentVersion": "3.6.1.14", "agentDetectionState": "string", "groupId": "225494730938493804", "agentUuid": "string", "externalIp": "string", "accountName": "string", "cloudProviders": {}, "agentDomain": "mybusiness.net"}, "id": "225494730938493804", "agentRealtimeInfo": {"agentOsRevision": "string", "agentVersion": "3.6.1.14", "agentId": "225494730938493804", "agentMitigationMode": "detect", "siteName": "string", "accountName": "string", "accountId": "225494730938493804", "agentInfected": False, "agentDomain": "string", "agentNetworkStatus": "connected", "networkInterfaces": [{"name": "string", "id": "225494730938493804", "physical": "00:25:96:FF:FE:12:34:56", "inet": [{"type": "string"}], "inet6": [{"type": "string"}]}], "groupId": "225494730938493804", "agentComputerName": "string", "scanStartedAt": "2018-02-27T04:49:26.257525Z", "scanStatus": "none", "agentUuid": "string", "operationalState": "string", "scanFinishedAt": "2018-02-27T04:49:26.257525Z", "activeThreats": 0, "scanAbortedAt": "2018-02-27T04:49:26.257525Z", "agentDecommissionedAt": False, "agentOsName": "string", "rebootRequired": False, "agentIsActive": False, "siteId": "225494730938493804", "groupName": "string", "agentIsDecommissioned": False, "storageName": "string", 
"storageType": "string", "agentMachineType": "unknown", "userActionsNeeded": [{"type": "string", "example": "none", "enum": ["none", "user_action_needed", "reboot_needed", "upgrade_needed", "incompatible_os", "unprotected", "rebootless_without_dynamic_detection", "extended_exclusions_partially_accepted", "reboot_required", "pending_deprecation", "ne_not_running", "ne_cf_not_active"]}], "agentOsType": "windows"}, "containerInfo": {"image": "string", "name": "string", "id": "string", "labels": [{"type": "string"}], "isContainerQuarantine": False}, "threatInfo": {"mitigationStatus": "not_mitigated", "maliciousProcessArguments": "string", "initiatedByDescription": {"readOnly": True, "description": "Initiated by description"}, "analystVerdictDescription": {"readOnly": True, "description": "Analyst verdict description"}, "storyline": "a00637fa-e18d-9b80-e803-f370524f8085", "pendingActions": False, "engines": ["reputation", "pre_execution"], "threatId": "225494730938493804", "state": "running", "pendingActionsCounter": 0, "mitigationMode": "prevent", "automaticDetection": True, "storylineParentId": "225494730938493804", "threatLevel": "0", "targetOfDetection": "process", "evidenceUuid": "225494730938493804", "hidden": False, "siteName": "string", "initiatedBy": "string", "analystVerdict": "string", "organizationId": "225494730938493804", "evidenceId": "225494730938493804", "tags": ["string"], "detectorId": "225494730938493804", "pendingActionsType": "none", "threatName": "string", "fileInfo": {"fileMaliciousContent": "string", "fileType": "string", "fileCreatedAt": "2018-02-27T04:49:26.257525Z", "filePath": "string", "fileMd5": "string", "fileSize": "0", "fileSha1": "string", "fileSha256": "string", "fileMagic": "string", "fileIsExecutable": False, "fileExtension": "string", "fileMaliciousClassification": "string"}, "resolvedBy": "string", "organizationName": "string", "processInfo": {"parentCommandLine": "string", "parentPid": "0", "commandLine": "string", 
"parentProcessGroup": "string", "username": "string", "pid": "0", "command": "string", "processGroup": "string", "md5": "string", "sha1": "string", "sha256": "string"}, "reportedAt": "2018-02-27T04:49:26.257525Z", "secondaryDescription": "string", "siteId": "225494730938493804", "primaryDescription": "string"}}]| +|logs|[]object|False|List of activity, device control event, and threat logs within the specified time range|[{"id": "225494730938493804", "userId": "225494730938493804", "data": {"computer_name": "COMP_1234", "username": "my_user"}, "secondaryDescription": "string", "threatId": "225494730938493804", "siteName": "string", "accountName": "string", "accountId": "225494730938493804", "updatedAt": "2018-02-27T04:49:26.257525Z", "agentUpdatedVersion": "2.5.1.1320", "groupId": "225494730938493804", "hash": "string", "description": "string", "activityUuid": "string", "comments": "string", "activityType": 0, "agentId": "225494730938493804", "osFamily": "windows", "siteId": "225494730938493804", "primaryDescription": "string", "groupName": "string", "createdAt": "2018-02-27T04:49:26.257525Z"}, {"eventType": "string", "accessPermission": "Read-Only", "deviceClass": "02h", "deviceName": "string", "id": "225494730938493804", "updatedAt": "2018-02-27T04:49:26.257525Z", "ruleId": "225494730938493804", "computerName": "JOHN-WIN-4125", "profileUuids": "string", "lastLoggedInUserName": "janedoe3", "deviceId": "02", "eventTime": "2018-02-27T04:49:26.257525Z", "serviceClass": "02", "interface": "USB", "agentId": "225494730938493804", "vendorId": "02", "uId": "02", "lmpVersion": "string", "eventId": "string", "createdAt": "2018-02-27T04:49:26.257525Z", "productId": "02", "minorClass": "string"}, {"mitigationStatus": [{"groupNotFound": False, "latestReport": "string", "mitigationStartedAt": "2018-02-27T04:49:26.257525Z", "action": "kill", "mitigationEndedAt": "2018-02-27T04:49:26.257525Z", "actionsCounters": {"total": 0, "success": 0, "notFound": 0, "failed": 0, 
"pendingReboot": 0}, "status": "success", "agentSupportsReport": False, "lastUpdate": "2018-02-27T04:49:26.257525Z", "reportId": "225494730938493804"}], "ecsInfo": {"taskAvailabilityZone": "string", "serviceArn": "string", "taskDefinitionArn": "string", "clusterName": "string", "taskDefinitionFamily": "string", "serviceName": "string", "version": "string", "taskDefinitionRevision": "string", "type": "string", "taskArn": "string"}, "agentDetectionInfo": {"agentIpV6": "string", "agentMitigationMode": "detect", "agentOsRevision": "string", "agentIpV4": "string", "agentLastLoggedInUpn": "string", "agentRegisteredAt": "2018-02-27T04:49:26.257525Z", "agentLastLoggedInUserName": "janedoe3", "accountId": "225494730938493804", "siteId": "225494730938493804", "agentLastLoggedInUserMail": "string", "groupName": "string", "agentOsName": "string", "siteName": "string", "agentVersion": "3.6.1.14", "agentDetectionState": "string", "groupId": "225494730938493804", "agentUuid": "string", "externalIp": "string", "accountName": "string", "cloudProviders": {}, "agentDomain": "mybusiness.net"}, "id": "225494730938493804", "agentRealtimeInfo": {"agentOsRevision": "string", "agentVersion": "3.6.1.14", "agentId": "225494730938493804", "agentMitigationMode": "detect", "siteName": "string", "accountName": "string", "accountId": "225494730938493804", "agentInfected": False, "agentDomain": "string", "agentNetworkStatus": "connected", "networkInterfaces": [{"name": "string", "id": "225494730938493804", "physical": "00:25:96:FF:FE:12:34:56", "inet": [{"type": "string"}], "inet6": [{"type": "string"}]}], "groupId": "225494730938493804", "agentComputerName": "string", "scanStartedAt": "2018-02-27T04:49:26.257525Z", "scanStatus": "none", "agentUuid": "string", "operationalState": "string", "scanFinishedAt": "2018-02-27T04:49:26.257525Z", "activeThreats": 0, "scanAbortedAt": "2018-02-27T04:49:26.257525Z", "agentDecommissionedAt": False, "agentOsName": "string", "rebootRequired": False, 
"agentIsActive": False, "siteId": "225494730938493804", "groupName": "string", "agentIsDecommissioned": False, "storageName": "string", "storageType": "string", "agentMachineType": "unknown", "userActionsNeeded": [{"type": "string", "example": "none", "enum": ["none", "user_action_needed", "reboot_needed", "upgrade_needed", "incompatible_os", "unprotected", "rebootless_without_dynamic_detection", "extended_exclusions_partially_accepted", "reboot_required", "pending_deprecation", "ne_not_running", "ne_cf_not_active"]}], "agentOsType": "windows"}, "containerInfo": {"image": "string", "name": "string", "id": "string", "labels": [{"type": "string"}], "isContainerQuarantine": False}, "threatInfo": {"mitigationStatus": "not_mitigated", "maliciousProcessArguments": "string", "initiatedByDescription": {"readOnly": True, "description": "Initiated by description"}, "analystVerdictDescription": {"readOnly": True, "description": "Analyst verdict description"}, "storyline": "a00637fa-e18d-9b80-e803-f370524f8085", "pendingActions": False, "engines": ["reputation", "pre_execution"], "threatId": "225494730938493804", "state": "running", "pendingActionsCounter": 0, "mitigationMode": "prevent", "automaticDetection": True, "storylineParentId": "225494730938493804", "threatLevel": "0", "targetOfDetection": "process", "evidenceUuid": "225494730938493804", "hidden": False, "siteName": "string", "initiatedBy": "string", "analystVerdict": "string", "organizationId": "225494730938493804", "evidenceId": "225494730938493804", "tags": ["string"], "detectorId": "225494730938493804", "pendingActionsType": "none", "threatName": "string", "fileInfo": {"fileMaliciousContent": "string", "fileType": "string", "fileCreatedAt": "2018-02-27T04:49:26.257525Z", "filePath": "string", "fileMd5": "string", "fileSize": "0", "fileSha1": "string", "fileSha256": "string", "fileMagic": "string", "fileIsExecutable": False, "fileExtension": "string", "fileMaliciousClassification": "string"}, "resolvedBy": 
"string", "organizationName": "string", "processInfo": {"parentCommandLine": "string", "parentPid": "0", "commandLine": "string", "parentProcessGroup": "string", "username": "string", "pid": "0", "command": "string", "processGroup": "string", "md5": "string", "sha1": "string", "sha256": "string"}, "reportedAt": "2018-02-27T04:49:26.257525Z", "secondaryDescription": "string", "siteId": "225494730938493804", "primaryDescription": "string"}}]| Example output: @@ -2352,6 +2352,7 @@ Example output: # Version History +* 11.1.3 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities | Fix issue with URL input validation * 11.1.2 - Resolve issue where unexpected timestamps returned from SentinelOne were not parsed in task `Monitor Logs` | Update plugin to be FedRAMP compliant * 11.1.1 - Updated Plugin connection to improve `instance` input usability * 11.1.0 - Added connection test for task `Monitor Logs` | Update SDK 
@@ -2364,7 +2365,7 @@ Example output: * 8.1.0 - Added New actions: Fetch file for agent ID and Run remote script. Updated description for Trigger resolved field * 8.0.1 - Search Agents: Remove duplicate results when Case Sensitive is false * 8.0.0 - Connection: Added Service user (API only user type) authentication | Removed Basic Authentication -* 7.1.0 - Update for Blacklist action: Fix for unblocked action | Update for Quarantine action: unification of the output data when action fails | Add troubleshooting information about use Type Converter | Mark as Benign action: update description +* 7.1.0 - Update for Blacklist action: Fix for unblocked action | Update for Quarantine action: unification of the output data when action fails | Add troubleshooting information about use Type Converter | Mark as Benign action: update description * 7.0.0 - Add new actions Update Analyst Verdict and Update Incident Status | Fix Get Agent Details and Search Agents actions to handle more response scenarios | Add option to authentication with API key * 6.2.0 - New actions Create Query, Get Query Status, Cancel Running Query, Get Events, Get Events By Type * 6.1.0 - Add new actions Disable Agent and Enable Agent diff --git a/plugins/sentinelone/komand_sentinelone/tasks/monitor_logs/schema.py b/plugins/sentinelone/komand_sentinelone/tasks/monitor_logs/schema.py index 3cdfbc0241..86ffe4d536 100644 --- a/plugins/sentinelone/komand_sentinelone/tasks/monitor_logs/schema.py +++ b/plugins/sentinelone/komand_sentinelone/tasks/monitor_logs/schema.py @@ -43,9 +43,7 @@ class MonitorLogsOutput(insightconnect_plugin_runtime.Output): "type": "array", "title": "Logs", "description": "List of activity, device control event, and threat logs within the specified time range", - "items": { - "type": "object" - }, + "items": {}, "definitions": {} } """) 
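Review bot: Replacing `"items": {"type": "object"}` with `"items": {}` drops the only constraint on each entry of the `logs` output, so strings, numbers or null entries now pass output validation where they were previously rejected. If this schema.py is generated from plugin.spec.yaml (the usual layout, though the matching spec change is not in this diff), the reason for leaving entries untyped is worth recording next to the source of the schema, e.g. `# items left untyped: log entries are not guaranteed to be objects — <reason>`, so the loosening is not undone by a later regeneration.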
diff --git a/plugins/sentinelone/komand_sentinelone/util/helper.py b/plugins/sentinelone/komand_sentinelone/util/helper.py index a62f93257e..babf1f8b47 100755 --- a/plugins/sentinelone/komand_sentinelone/util/helper.py +++ b/plugins/sentinelone/komand_sentinelone/util/helper.py @@ -83,10 +83,24 @@ def _wrapper(self, *args, **kwargs): def format_subdomain(instance: str) -> str: """ - If an input subdomain contains a scheme or the Sentinelone secondlevel domain, strip these values + If an input subdomain contains a scheme or the SentinelOne second-level domain, strip these values """ - instance = instance.replace(".sentinelone.net", "") - return instance.replace("https://", "").replace("http://", "") + + # Remove leading and trailing whitespace + instance = instance.strip() + + # Remove the scheme if it exists + if instance.startswith("http://"): + instance = instance[7:] + elif instance.startswith("https://"): + instance = instance[8:] + + # Remove the SentinelOne domain suffix + if ".sentinelone.net" in instance: + instance = instance.replace(".sentinelone.net", "") + + # Remove any trailing slashes + return instance.rstrip("/") class Helper: diff --git a/plugins/sentinelone/plugin.spec.yaml b/plugins/sentinelone/plugin.spec.yaml index e6d85cd4d9..511415fa0d 100644 --- a/plugins/sentinelone/plugin.spec.yaml +++ b/plugins/sentinelone/plugin.spec.yaml 
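Review bot: In the new body of `format_subdomain`, `.sentinelone.net` is removed wherever it occurs rather than only as the trailing suffix, so a constructed value like `x.sentinelone.net.example.org` becomes `x.example.org` instead of being left alone or rejected; since the function is the input-validation fix named in the commit title, it should match the suffix explicitly: `if instance.endswith(".sentinelone.net"):` / `instance = instance[: -len(".sentinelone.net")]`. The function also still returns whatever remains after stripping — a path, port, `@` or second host survives — so it normalises but does not validate; a final check that the remainder consists only of hostname-label characters (letters, digits, hyphens, dots), raising the plugin's connection error otherwise, would make it validation in fact. The scheme check is case-sensitive, so `HTTPS://…` is not stripped; lower-casing before the `startswith` comparisons is safe because hostnames are case-insensitive. `format_subdomain` is complete within the hunk; the decorated `_wrapper` in the hunk header lies outside it.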
@@ -3,19 +3,51 @@ extension: plugin products: [insightconnect] name: sentinelone title: SentinelOne -version: 11.1.2 +description: "[SentinelOne](https://www.sentinelone.com/) is a next-gen cybersecurity company focused on protecting the enterprise through the endpoint. The SentinelOne plugin allows you to manage and mitigate all your security operations through SentinelOne.\n\nThis plugin utilizes the SentinelOne API, the documentation is located in the SentinelOne console" +version: 11.1.3 connection_version: 10 cloud_ready: true fedramp_ready: true sdk: type: slim - version: 6.1.0 + version: 6.2.2 user: nobody supported_versions: ["2.1.0"] -description: The SentinelOne plugin allows you to manage and mitigate all your security operations through SentinelOne vendor: rapid7 support: rapid7 status: [] +key_features: + - "Get activities" + - "Get activity types" + - "Blacklist hashes" + - "Run agent actions" + - "Reload agent modules" + - "Get information about agents" + - "Search agents" + - "Get information about agent applications" + - "Create, get and cancel query" + - "Create IOC threat" + - "Enable and disable agent" + - "Fetch files" + - "Get events" + - "Get information about threats" + - "Manage threats" + - "Quarantine endpoints" + - "Run remote scripts" + - "Check account name availability" + - "Execute scans" + - "Trigger workflows on security alerts" +links: + - "[SentinelOne Product Page](https://www.sentinelone.com/)" +references: + - "[SentinelOne Product Page](https://www.sentinelone.com/)" +requirements: + - "SentinelOne API key" +troubleshooting: +- "To generate an API key, create a new Service User or select an existing one with adequate permissions from the SentinelOne console" +- "To convert `threat` into an array use Type Converter Plugin" +- "For the Trigger settings, only set the Resolved field to False if solely resolved threats should be retrieved (i.e. 
setting to False will not include unresolved threats)" +- "The Run Remote Script action may require starting a protected actions session to function properly. To do this, in the `code` input field, enter the passcode from a third-party app, such as Duo Mobile or Google Authenticator, set up in two-factor authentication. Entering the code is not required each time you run the action, because the session is valid for 30 minutes" resources: source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/plugins/sentinelone license_url: https://github.com/rapid7/insightconnect-plugins/blob/master/LICENSE 
@@ -29,6 +61,44 @@ hub_tags: use_cases: [threat_detection_and_response] keywords: [sentinelone, endpoint, detection, cloud_enabled] features: [] +version_history: + - "11.1.3 - Updated SDK to the latest version (v6.2.2) | Address vulnerabilities | Fix issue with URL input validation" + - "11.1.2 - Resolve issue where unexpected timestamps returned from SentinelOne were not parsed in task `Monitor Logs` | Update plugin to be FedRAMP compliant" + - "11.1.1 - Updated Plugin connection to improve `instance` input usability" + - "11.1.0 - Added connection test for task `Monitor Logs` | Update SDK" + - "11.0.0 - Removed `Monitor Logs` task input options | Update SDK" + - "10.0.0 - Added `Monitor Logs` task | Removed `User Type` from connection | A Service User API Key must now be provided to provide enhanced security" + - "9.1.2 - Retry functionality added to requests to SenintelOne that result in a 429 (too many requests) or 503 (service unavailable) error." + - "9.1.1 - `Threats Fetch File`: Updated action to prevent possible movement through file system" + - "9.1.0 - `Move Agent to Another Site`: Action added" + - "9.0.0 - Update plugin to allow cloud connections to be configured | Rename URL input to Instance in connection | Code refactor" + - "8.1.0 - Added New actions: Fetch file for agent ID and Run remote script. 
Updated description for Trigger resolved field" + - "8.0.1 - Search Agents: Remove duplicate results when Case Sensitive is false" + - "8.0.0 - Connection: Added Service user (API only user type) authentication | Removed Basic Authentication" + - "7.1.0 - Update for Blacklist action: Fix for unblocked action | Update for Quarantine action: unification of the output data when action fails | Add troubleshooting information about use Type Converter | Mark as Benign action: update description" + - "7.0.0 - Add new actions Update Analyst Verdict and Update Incident Status | Fix Get Agent Details and Search Agents actions to handle more response scenarios | Add option to authentication with API key" + - "6.2.0 - New actions Create Query, Get Query Status, Cancel Running Query, Get Events, Get Events By Type" + - "6.1.0 - Add new actions Disable Agent and Enable Agent" + - "6.0.0 - Add `operational_state` field to input of Get Agent Details and Search Agent actions | Update schema to return new outputs such as Active Directory, firewall, location, and quarantine information for Get Agent Details and Search Agent actions | Use API version 2.1 | Update capitalization according to style in Activities List action for Created Than Date and Less Than Dates inputs to Greater than Date and Less than Date" + - "5.0.1 - Correct spelling in help.md" + - "5.0.0 - Consolidate various Agent actions | Use API version 2.1 where possible | Delete obsolete Blacklist by IOC Hash and Agent Processes" + - "4.1.1 - Update the Get Threat Summary action to return all threat summaries instead of 10" + - "4.1.0 - Add case sensitivity option for Agent lookups" + - "4.0.1 - Fix Agent Active parameter in Get Agent Details action | Update Quarantine action whitelist for IP addresses" + - "4.0.0 - Update ID input for Fetch Threats File action to a string" + - "3.1.0 - Add new action Fetch Threats File" + - "3.0.0 - Update help.md for the Extension Library | Update title in action Blacklist by IOC Hash, 
Get Activities, Count Summary and Connect to Network" + - "2.1.1 - Upgrade trigger Get Threats to only return threats since trigger start" + - "2.1.0 - Add `agent_active` field to input in action Search Agents" + - "2.0.0 - Upgrade trigger input Agent is Active to default true" + - "1.4.0 - New actions Quarantine, Get Agent Details, Search Agents" + - "1.3.0 - Add new action Blacklist" + - "1.2.2 - Update error message in Connection" + - "1.2.1 - Update to use the `komand/python-3-37-slim-plugin` Docker image to reduce plugin size" + - "1.2.0 - New spec and help.md format for the Extension Library | New actions activities_list, activities_types, agents_abort_scan, agents_connect, agents_decommission, agents_disconnect, agents_fetch_logs, agents_initiate, agents_processes, agents_reload, agents_restart, agents_shutdown, agents_summary, agents_uninstall, apps_by_agent_ids, name_available" + - "1.1.0 - New trigger Get Threats | New actions Mitigate Threat, Mark as Benign, Mark as Threat and Create IOC Threat" + - "1.0.1 - Update to add Blacklist by IOC Hash and Blacklist by Content Hash" + - "1.0.0 - Initial plugin" types: activityTypes: id: diff --git a/plugins/sentinelone/setup.py b/plugins/sentinelone/setup.py index 320ee14799..c6336ebd4e 100644 --- a/plugins/sentinelone/setup.py +++ b/plugins/sentinelone/setup.py @@ -3,8 +3,8 @@ setup(name="sentinelone-rapid7-plugin", - version="11.1.2", - description="The SentinelOne plugin allows you to manage and mitigate all your security operations through SentinelOne", + version="11.1.3", + description="[SentinelOne](https://www.sentinelone.com/) is a next-gen cybersecurity company focused on protecting the enterprise through the endpoint. The SentinelOne plugin allows you to manage and mitigate all your security operations through SentinelOne.This plugin utilizes the SentinelOne API, the documentation is located in the SentinelOne console.", author="rapid7", author_email="", url="",