Actions for SentinelOne Singularity XDR
- Send Data to SentinelOne Singularity XDR. Sends a custom set of Lucidum data to SentinelOne Singularity XDR.
Use Cases
Below are the possible use cases for these actions:
- If you want to run Lucidum “headless”, you can send relevant data to SentinelOne Singularity XDR on a regular schedule.
- You can send normalized, enriched Lucidum data to SentinelOne Singularity XDR to be indexed, searched, and analyzed.
Prerequisites
To execute SentinelOne Singularity XDR actions, you must:
- Configure a user account in SentinelOne Singularity XDR that has API permissions. The required parameters are described in the instructions for creating a Lucidum Connector for SentinelOne Singularity XDR. For details, see https://lucidum.io/docs/sentinelone-singularity-xdr/. NOTE. The specified account should have read and write permissions.
Workflows
- Creating a new Configuration and a new Action
- Cloning an Existing Action
- Creating a new Action from the Location Results page
- Editing a Configuration
- Editing an Action
- Viewing Information about an Action
SentinelOne Singularity XDR Configuration
To create a configuration for SentinelOne Singularity XDR actions:
- Configuration Name. Identifier for the Configuration. This name will appear in the Lucidum Action Center.
- URL. The URL for the SentinelOne API. For example, https://<sentinelone domain>/web/api/v2.1
- API Token. An API token for a SentinelOne account that has read and write access to API data.
- Max # of Records per Payload. The maximum number of records to send to SentinelOne Singularity XDR in each action. The default value is “50”.
Create a New Action
To create an action for SentinelOne Singularity XDR, contact Lucidum customer care.
