The AlienApp for SentinelOne provides a set of orchestration actions that you can use to identify vulnerabilities and manage assets in your USM Anywhere environment. The following table lists the available actions from the AlienApp.
Action | Function |
---|---|
Initiate Scan | Initiate a full disk scan on the endpoint asset. |
Mitigate Threats | Gives the option to kill, remediate, rollback, quarantine, or un-quarantine a threat based on the analyst verdict of the threat. |
Add to Black List | Add a threat to the black list. Scope of restrictions can be defined by account, group, or site. |
Add to Exclusion List | Add threat to exclusion list. Scope of restrictions can be defined by account, group, or site. Exclusion is defined by type (certificate, path, or hash). |
Disconnect Asset from Network | Disconnect asset from the network. |
Reconnect Asset to Network | Reconnect asset to the network. |
Restart Machine | Restart machine connected to the asset. |
To view information about these actions in USM Anywhere:
- In USM Anywhere, go to Data Sources > AlienApps.
- Click the Available Apps tab.
- Search for the AlienApp, and then click the tile.
- Click the Actions tab to display information for the supported actions.
- Click the History tab to display information about the executed orchestration actions.