Third-party response actions
Respond to threats on hosts enrolled in third-party security systems.
Technical preview
You can perform response actions on hosts enrolled in other third-party endpoint protection systems, such as CrowdStrike or SentinelOne. For example, you can direct the other system to isolate a suspicious endpoint from your network, without leaving the Elastic Security UI.
Requirements
- Third-party response actions require the Endpoint Protection Complete project feature.
- Each response action type has its own user role privilege requirements. Find an action's role requirements at Endpoint response actions.
Supported systems and response actions
The following third-party response actions are supported for CrowdStrike and SentinelOne. Prior configuration is required to connect each system with Elastic Security.
These response actions are supported for CrowdStrike-enrolled hosts: