InboundSecurity

SentinelOne + Alert24

Turn SentinelOne alerts into actionable incidents in Alert24, with on-call routing, escalations, and status updates.

Start Free Trial See Pricing

Receive SentinelOne endpoint threat detection notifications via webhook.

Auto-detected payloads

Alert24 recognizes SentinelOne webhooks out of the box and maps fields to incidents automatically.

On-call routing & escalations

Page the right engineer over SMS, voice, push, email, or chat with policy-driven escalations.

Auto-updating status pages

Promote incidents to a public or private status page with one click and keep customers informed.

Change correlation & AI RCA

Recent deploys, infra updates, and feature flag flips surface alongside the incident for faster root cause.

Quick Setup

Copy Webhook URL

Go to your Alert24 dashboard and copy the webhook URL for SentinelOne.

Configure SentinelOne

Add the webhook URL in your SentinelOne settings.

Auto-Detected

Alert24 auto-detects SentinelOne payloads and maps them to incidents.

Step-by-Step Setup Instructions

SentinelOne Webhook Setup

1.In SentinelOne console, go to Settings → Integrations

2.Click Add Integration and select Webhook

3.Set the URL to the webhook URL shown above

4.Choose which notification types to forward (threats, policy updates, etc.)

5.Click Save and test the connection

Example Webhook Payload

This is a sample payload that SentinelOne sends to Alert24 when an alert fires.

{
  "threatInfo": {
    "threatStatus": "active",
    "threatName": "Trojan.GenericKD.46789",
    "classification": "Trojan",
    "confidenceLevel": "malicious",
    "threatId": "T-98765"
  },
  "agentRealtimeInfo": {
    "agentComputerName": "WORKSTATION-042",
    "agentOs": "Windows 10",
    "siteName": "Production"
  },
  "createdAt": "2024-01-15T10:30:00Z"
}