SentinelOne¶
SentinelOne Singularity™ Endpoint Integration¶
The goal of this document is to assist in configuring Clear NDR® to interact with SentinelOne Singularity Endpoint and provide WebHooks examples.
SentinelOne Singularity Configuration¶
In your SentinelOne Singularity dashboard, register an new OAuth
client to get the authentication token
Clear NDR® Configuration¶
Log in to Clear NDR® and navigate the Administration site by clicking on any words below Administration
on the left hand side:

In the Administration site, click on Integrations
in the drop down menu in the top left:

Create a WebHook that will send an API command to SentinelOne:
Variable |
Purpose |
---|---|
Name |
Name of the webhook you want to create |
Hook |
The alert you want to send to Sentinel One |
URL |
SentinelOne API URL |
Headers |
WebHook header |
HTTP Method |
The HTTP method expected by the API endpoint |
Template format |
The format of the request |
Template content |
The actual content of the request |
SentinelOne Webhooks examples¶
Webhook 1 - Send a message to the user
Name: S1TestMessage
Hook: Threat on Asset
URL: https://usea1-partners.sentinelone.net/web/api/v2.1/agents/actions/broadcast
Headers:
Content-Type: application/json
Authorization: ApiToken <Auth Token>
HTTP method: POST
Template format: Json
Template content:
{
"filter": {
"networkInterfaceInet__contains": "{{ asset.value }}"
},
"data": {
"message": "Threat '{{ threat.name }}' has been detected on your computer. Your network has been disconnected"
}
}
Verify HTTPS certificate: On
Use system proxy: On
Choose Tenant: Tick the relevant tenant
How this would look in Clear NDR®:

Webhook 2 - Isolate the machine
Name: S1Disconnect
Hook: Threat on Asset
URL: https://usea1-partners.sentinelone.net/web/api/v2.1/agents/actions/disconnect
Headers:
Content-Type: application/json
Authorization: ApiToken <Auth Token>
HTTP method: POST
Template format: Json
Template content:
{
"filter": {
"networkInterfaceInet__contains": "{{ asset.value }}",
"groupIds":"<Group ID>"
},
"data": {}
}
Verify HTTPS certificate: On
Use system proxy: On
Choose Tenant: Tick the relevant tenant