Setting up SentinelOne Integration with NordLayer



      Article summary

      This guide explains how to integrate SentinelOne with NordLayer to enhance security. This setup will automatically disconnect devices from NordLayer if they are flagged as malicious by SentinelOne, reducing the risk of unauthorized network access.

      Guide on integrating NordLayer with SentinelOne

      Step 1. Initiate the setup in the NordLayer Control Panel

      1. Log into the NordLayer Control Panel and click the Integrations tab on the left side


      2. Toggle on the SentinelOne integration


      3. A window will open with the URL and Secret token you’ll need to continue the setup on the SentinelOne dashboard.

      Step 2. Continue the setup on SentinelOne

      1. Keep the NordLayer window open, and in a new tab, log in to SentinelOne


      2. Go to the Marketplace and find Singularity Webhook automation


      3. Install the automation and click Add configuration
      • Threat Response Action 1 Name: Name it NordLayer integration
      • Threat Response Action 1 Description: Add a description noting it will instantly disconnect all active NordLayer sessions for users
      • Automation Trigger Options: Select Threats marked as True Positive
      • URL: Use the link provided in the NordLayer Control Panel integration setup
      • Action: Select POST
      • Webhook Request Body: Select Custom Body
      • Activity values: Add this code for specific threat values:
      { "agentRealtimeInfo": { "agentComputerName": "${activity.agentRealtimeInfo.agentComputerName}", "networkInterfaces": "${activity.agentRealtimeInfo.networkInterfaces}" } }
      
      • Headers: Add custom header:
      {"Authorization":"Bearer ${Var1}","Content-Type":"application/json","Accept":"application/json"}
      
      • Secret variable description: Enter: “Auth token”
      • Secret token: Use the secret token from the NordLayer Control Panel integration setup
      4. After completing these settings, confirm by clicking Add configuration.
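
Before pasting the values from Step 2 into SentinelOne, they can be checked offline. The script below is an added example, not part of NordLayer's or SentinelOne's tooling: it confirms that the custom body and headers from this guide parse as JSON, that the body still uses the activity placeholders, and that the Authorization header references ${Var1} rather than containing the token itself. The function name, the sample URL and the HTTPS requirement are assumptions made for this example.

```python
import json
import re
from urllib.parse import urlparse

# Templates copied from Step 2 of this guide.
BODY = ('{ "agentRealtimeInfo": { "agentComputerName": '
        '"${activity.agentRealtimeInfo.agentComputerName}", "networkInterfaces": '
        '"${activity.agentRealtimeInfo.networkInterfaces}" } }')
HEADERS = ('{"Authorization":"Bearer ${Var1}",'
           '"Content-Type":"application/json","Accept":"application/json"}')
PLACEHOLDER = re.compile(r"\$\{activity\.[A-Za-z0-9_.]+\}")


def check_webhook_config(url, body, headers):
    """Return a list of problems; an empty list means the values look right."""
    problems = []
    if urlparse(url).scheme != "https":
        problems.append("URL is not https: the bearer token would be sent in clear text")
    try:
        body_obj, header_obj = json.loads(body), json.loads(headers)
    except json.JSONDecodeError as exc:
        return problems + [f"invalid JSON: {exc}"]
    if not isinstance(body_obj, dict) or not isinstance(header_obj, dict):
        return problems + ["body and headers must both be JSON objects"]

    info = body_obj.get("agentRealtimeInfo")
    info = info if isinstance(info, dict) else {}
    for key in ("agentComputerName", "networkInterfaces"):
        value = info.get(key)
        if not (isinstance(value, str) and PLACEHOLDER.fullmatch(value)):
            problems.append(f"body field {key} is missing or not an activity placeholder")

    # The token belongs in the Secret token field; the header only references it.
    if header_obj.get("Authorization") != "Bearer ${Var1}":
        problems.append("Authorization should be 'Bearer ${Var1}', not a pasted token")
    if header_obj.get("Content-Type") != "application/json":
        problems.append("Content-Type should be application/json")
    return problems


if __name__ == "__main__":
    # Constructed placeholder URL; use the one shown in the NordLayer Control Panel.
    for problem in check_webhook_config("https://nordlayer-webhook.example/hook", BODY, HEADERS):
        print("WARN:", problem)
```

An empty result means the templates match the guide; any warning points at the field to correct before clicking Add configuration.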

      Step 3. Finalize the setup

      1. Once Webhook automation is added on the SentinelOne side, return to the NordLayer Control Panel


      2. Click Finish setup to complete the integration.

      Once configured, the integration will work automatically, invalidating credentials for devices flagged as malicious by SentinelOne.


      Note: In case you have any questions or are experiencing any issues, please feel free to contact our 24/7 customer support team.

