USM Anywhere™

Launching a SentinelOne Response Action

Role Availability Read-Only Analyst   Manager

When you review the information in the Alarm Details, Event Details, or Vulnerability Details, you can easily launch an action to send a request to your connected SentinelOne instance, adding source or destination IP information to existing SentinelOne ADOMs. (In USM Anywhere, you can execute an action from alarms, events, and vulnerabilities to run a scan, get forensic information, or execute a response for a configured AlienApp.) If you want to apply an action to similar events that occur in the future, you can also create an orchestration rule after you apply the action.

To launch a SentinelOne response action for an alarm, event, or vulnerability

  1. Go to Activity > Alarms, Activity > Events, or Environment > Vulnerabilities.
  2. Click the alarm, event, or vulnerability to open the details.
  3. Click Select Action.
  4. In the Select Action dialog box, select Run SentinelOne Action.

  5. Select the app action and fill out the fields that appear below it.

  6. Click Run.

    After USM Anywhere initiates the action for an alarm or event, it displays a confirmation dialog box.

    If you want to create a rule to apply the action to similar items that occur in the future, click Create rule for similar alarms or Create rule for similar events and define the new rule. If not, click OK.