Benefits
- Automate incident response and security policy through actions, playbooks, and cases
- Reduce time spent investigating threats
- Improve security analyst productivity by automating key tasks and shortening times to resolution
- Ingest and triage activity, event, and alert data from SentinelOne into Phantom
- Trigger Phantom playbooks (Python scripts) to run and check security policy actions from SentinelOne; create custom playbooks in Phantom’s Visual Editor
- Enrich incident data such as IP addresses, hashes, filenames, URLs, and process details using SentinelOne Deep Visibility telemetry from within Phantom playbooks
- Respond by orchestrating SentinelOne convictions, including system rollback, in conjunction with other Phantom security solution apps and playbooks, all tracked and managed in Phantom’s case management