Response Actions for SentinelOne
- Updated on 15 Dec 2025
The following response actions are available for SentinelOne in the Red Canary Automation interface:
- Ban File Hashes (IOC)
- Ban IP Addresses (IOC)
- Isolate Endpoint
- Deisolate Endpoint
- Delete/Capture Files (IOC)
The Collect Forensics and Delete/Capture Files actions each require you to activate an add-on in SentinelOne.
| Red Canary Response Action | Required SentinelOne Add-on |
|---|---|
| Collect Forensics | RemoteOps Forensics |
| Delete/Capture Files (IOC) | Remote Script Orchestration |
You can activate these add-ons in SentinelOne as follows:
1. Log in to your SentinelOne Management Console.
2. On the navigation menu, click Settings, then go to the Sites tab and locate the account integrated with Red Canary.
3. Check the box next to the account, then select Edit site from the Actions dropdown.
4. Scroll down to the Add-ons section and select the add-on you want to activate (Remote Script Orchestration or RemoteOps Forensics).

   Note: If these add-ons aren’t listed for your site, you’ll need to contact SentinelOne to request them.
5. Click Save Changes.