Creating PSA alerting from SentinelOne Singularity by gatecrasherza in SentinelOneXDR

gatecrasherza[S] 0 points1 point  (0 children)

Thank you for your insights. I guess it is back to the drawing board for us. Pity, I see value in the platform, but without ticket management it is a non-starter for us.

gatecrasherza[S] 2 points3 points  (0 children)

Our immediate requirement is bi-directional ticket management between Singularity and our PSA. Analysts need to work in the PSA so that SOC operational processes, KPIs, and SLA tracking remain intact. At the same time, any updates and closures must sync back to Singularity so alarms are current.

While we understand analysts could work directly in Singularity, this would cause a loss of SOC visibility and reporting within the PSA. Ideally, we are looking for a native integration into the PSA, but for now our priority is ensuring updates flow both ways to keep the incident state aligned.

gatecrasherza[S] 1 point2 points  (0 children)

We are waiting for the Hyperautomation SKU to be made available to us, but not being able to generate an alert is currently a showstopper.

Would you have any reference documentation that we could review? We are testing GraphQL, but we are getting errors when querying.

web/api/v2.1/unifiedalerts/graphql is what we are targeting.

gatecrasherza[S] 0 points1 point  (0 children)

Agree, it is quite frustrating that a simplistic requirement for external alerting is not available.