SentinelOne
Receive SentinelOne endpoint threat detection notifications via webhook.
Quick Setup
Copy Webhook URL
Go to your Alert24 dashboard and copy the webhook URL for SentinelOne.
Configure SentinelOne
Add the webhook URL in your SentinelOne settings.
Auto-Detected
Alert24 auto-detects SentinelOne payloads and maps them to incidents.
Step-by-Step Setup Instructions
SentinelOne Webhook Setup
Example Webhook Payload
This is a sample payload that SentinelOne sends to Alert24 when an alert fires.
{
"threatInfo": {
"threatStatus": "active",
"threatName": "Trojan.GenericKD.46789",
"classification": "Trojan",
"confidenceLevel": "malicious",
"threatId": "T-98765"
},
"agentRealtimeInfo": {
"agentComputerName": "WORKSTATION-042",
"agentOs": "Windows 10",
"siteName": "Production"
},
"createdAt": "2024-01-15T10:30:00Z"
}How Alert24 Maps SentinelOne Data
Status Field
threatInfo.threatStatus
Message Field
threatInfo.threatName
Auto-Create Incidents
Yes
Auto-Resolve Incidents
Yes
Status Mapping
| Alert24 Status | SentinelOne Values |
|---|---|
| operational | resolvedmitigated |
| down | activesuspicious |
Connect SentinelOne to Alert24 in minutes
Free plan includes 5 monitors, 1 status page, and incident management. No credit card required.
More Security Integrations
Microsoft Defender for Cloud
InboundReceive Microsoft Defender for Cloud security alerts via Activity Log webhook.
Microsoft Sentinel
InboundReceive Microsoft Sentinel SIEM incident notifications via Logic Apps webhook.
Snyk
InboundReceive Snyk vulnerability and license issue alerts via webhook.
SonarQube
InboundReceive SonarQube quality gate and analysis notifications via webhook.
Trivy
InboundReceive Aqua Trivy container and IaC vulnerability scan results via webhook.
Falco
InboundReceive Falco runtime security alerts via HTTP output.