Cisco Security and SentinelOne

How SentinelOne and Cisco Security work together

SentinelOne is a global leader in AI-powered security. SentinelOne’s Singularity™ Platform detects, prevents, and responds to cyber-attacks at machine speed, empowering organizations to secure endpoints, cloud workloads, containers, identities, and mobile and network-connected devices with speed, accuracy, and simplicity.

SentinelOne Singularity™ Data Lake centralizes data and transforms it into actionable intelligence for security and log analytics. Singularity Data Lake provides a flexible enterprise IT and security operations solution for rapid ingestion and AI-assisted monitoring, investigation, and response.

Product Integrations

Cisco Firepower: Improve threat detection and network monitoring with data. Cisco Firepower threat intelligence is ingested into SentinelOne Singularity Data Lake and normalized into OCSF for use alongside other security data. This integration lets the Firepower data be combined with other sources of threat information, giving analysts a deeper and fuller picture of potential security threats within their network.

Cisco XDR: SentinelOne Singularity is an Extended Detection and Response (XDR) and Endpoint Detection and Response (EDR) offering. Within Cisco XDR, Singularity users can use its threat hunting and investigation features, as well as rapid response actions, to understand and defend against threats on the endpoint. It also provides important device inventory context to help triage detected threats.

Cisco XDR Investigate: Use the SentinelOne integration to search for security detections involving specific hostnames, host GUIDs, filenames, paths, hashes, process names, and process arguments.

Cisco XDR Automate: SentinelOne can also be used through Cisco XDR to isolate hosts from the network and block file hashes on the endpoint.

  • SentinelOne - Connect Agent to Network
  • SentinelOne - Disconnect Agent from Network
  • SentinelOne - Add Hash to Blocklist
  • SentinelOne - Remove Hash from Blocklist
  • SentinelOne - Get Vulnerability Summary for Assets

Cisco XDR Assets: This integration can also provide host information, including vulnerability information, for use in triaging incidents and detections.