USM Anywhere™

AlienApp for SentinelOne Orchestration

The AlienApp for SentinelOne provides a set of orchestration actions that you can use to identify vulnerabilities and manage assets in your USM Anywhere environment. The following table lists the available actions from the AlienApp.

Actions for the AlienApp for SentinelOne
| Action | Function |
| --- | --- |
| Initiate Scan | Initiate a full disk scan on the endpoint asset. |
| Mitigate Threats | Gives the option to kill, remediate, rollback, quarantine, or un-quarantine a threat based on the analyst verdict of the threat. |
| Add to Black List | Add a threat to the black list. Scope of restrictions can be defined by account, group, or site. |
| Add to Exclusion List | Add threat to exclusion list. Scope of restrictions can be defined by account, group, or site. Exclusion is defined by type (certificate, path, or hash). |
| Disconnect Asset from Network | Disconnect asset from the network. |
| Reconnect Asset to Network | Reconnect asset to the network. |
| Restart Machine | Restart machine connected to the asset. |

To view information about these actions in USM Anywhere

  1. In USM Anywhere, go to Data Sources > AlienApps.
  2. Click the Available Apps tab.
  3. Search for the AlienApp, and then click the tile.
  4. Click the Actions tab to display information for the supported actions.
  5. Click the History tab to display information about the executed orchestration actions.