.png?sv=2022-11-02&ss=b&srt=o&spr=https&st=2024-04-20T12%3A29%3A09Z&se=2024-04-20T12%3A39%3A09Z&sp=r&sig=uaO9HY%2FuJkvhqIF8TLIyw5wiLbAQStWo7UuP%2FbzJaHc%3D){kind=logo}
SentinelOne - EC Isolate/Unisolate Assets
- 28 Jan 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
SentinelOne - EC Isolate/Unisolate Assets
- Updated on 28 Jan 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
SentinelOne - EC Isolate/Unisolate a Device isolates or unisolates assets from SentinelOne for:
- Assets that match the results of the selected saved query, and match the Enforcement Action Conditions, if defined or assets selected on the relevant asset page.
Note:
To use this option, you must successfully configure a SentinelOne adapter connection.
See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.
General Settings
- Enforcement Set name (required) - The name of the Enforcement Set. A default value is added by Axonius. You can change the name according to your needs.
- Add description - Click to add a description of the Enforcement Set. It is recommended to describe what the Enforcement Set does.
- Run action on assets matching following query (required) - Select an asset category and a query. The Enforcement Action will be run on the assets that match the query parameters.
- A query only returns results for the asset type it was created for.
- Not all asset categories are supported for all Enforcement Actions.
- See Actions supported for Activity Logs, Adapters Fetch History, and Asset Investigation modules.
- See Actions supported for Vulnerabilities.
- See Actions supported for Software.
- Action name (required) - The name of the Main action. A default value is added by Axonius. You can change the name according to your needs.
- Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.
- Use stored credentials from the SentinelOne Adapter - Select this option to use the first connected SentinelOne adapter credentials.
- Select Adapter Connection - Select which adapter connection to use for this Enforcement Action.
Required Settings
These fields must be configured to run the Enforcement Set.
Action Method - Select whether to isolate or unisolate the asset.
Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.
## Additional Settings
These settings are optional.Use only when Use stored credentials from the SentinelOne Adapter is not used:
- SentinelOne Domain - The domain of the SentinelOne service.
- User Name - The username to use to access SentinelOne.
- Password - The password to use to access SentinelOne.
- API token - The API token used to access SentinelOne.
Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
HTTPS Proxy - Connect the adapter to a proxy instead of directly connecting it to the domain.
Gateway Name - Select the gateway through which to connect to perform the action.
API
Axonius uses the SentinelOne API.
Required Permissions
The credentials supplied in User name must have write/admin permissions.
Was this article helpful?