SentinelOne - Disconnect Agent from Network
Details
This atomic belongs to the SentinelOne atomic group.
Disables network connectivity for one or more SentinelOne agents. You can either provide a single agent ID or a JSON-formatted list of agent IDs.
Target: SentinelOne integration target or an HTTP Endpoint for "your-tenant.sentinelone.net" with a path of "/web/api/v2.1"
Account Key: None if using an integration-provided target, API token if using an HTTP endpoint target
Steps:
[] Check if the input is a single ID or multiple
[] Generate the authorization header
[] Request network connectivity be disabled
[] Check if the API request succeeded:
[]> If it didn't, output an error
More information about this API can be found in the SentinelOne documentation
About
Integration
Authorship
Cisco Managed