IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Response actions history Configure third-party response actions »
Elastic Docs Elastic Security Solution [8.13] Endpoint response actions

Third-party response actions

edit

Third-party response actions

edit

This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.

SentinelOne response actions

edit

You can direct SentinelOne to perform response actions on protected hosts without leaving the Elastic Security UI. Prior configuration is required to connect Elastic Security with SentinelOne.

The following response actions and related features are supported for SentinelOne-protected hosts:

  • Isolate and release a host using any of these methods:

    • From a detection alert
    • From the response console

    Refer to the instructions on isolating and releasing hosts for more details.

  • View past response action activity in the response actions history log.
« Response actions history Configure third-party response actions »