Isolate potentially infected SentinelOne device (enforced by Endpoint)

The automation isolates SentinelOne devices with high severity infection such as malware or virus, detected by SentinelOne, to prevent the threat from spreading inside the organization. Automation parameters can be set such as the isolation duration, whether the isolation is automatic or upon administrators approval, and so on.

Supported Product

SentinelOne

Parameters

Device isolation duration (if admin's approval is required)	Set the expiration period for the automation. This applies only if you have selected the Admin's approval is required for device isolation checkbox. After the expiration, Infinity Playblocks sends the notification for the Administrator's approval.
Device isolation duration (automatic prevention)	Set the expiration period for the automations that are executed automatically (without the administrator's approval). The default duration is 1 day.
Admin's approval is required for device isolation	Select the checkbox if you want administrator's approval to execute the automation. It is recommended that you leave the Admin's approval is required for device isolation checkbox unselected.
Open ticket if device was isolated	Select the checkbox if you want to open a ticket when device was isolated.

Trigger

Infected SentinelOne device.

To view the example of this log, click Run.

Isolate potentially infected SentinelOne device (enforced by Endpoint)

Supported Product

Parameters

Trigger

Flow