docs: add SentinelOne extension page#252
Draft
maximelb wants to merge 1 commit into
Draft
Conversation
Documents the ext-sentinelone extension (Integrations → Extensions → Third-Party): exposes the SentinelOne Management REST API to D&R rules and AI agents. - Typed actions for the high-frequency EDR flows: list/isolate/deisolate/ scan agents; list/mitigate threats and set verdict/incident/note; blocklist a SHA1; list activities/sites/accounts/groups. - The generic api_call passthrough for any endpoint not typed. - The no-implicit-all selector guard (ids or filter, never fleet-wide by accident), cursor pagination semantics, and the ApiToken auth model with hive:// secret references. Cross-links the existing SentinelOne adapter page (adapter delivers telemetry, extension writes back the response) from both sides. Wires the page into the third-party index, the mkdocs nav, and adds the ext-sentinelone readme.io redirect for the legacy slug. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Documents the
ext-sentineloneextension under Integrations → Extensions → Third-Party, following the existing third-party extension pattern (HaloPSA / ThreatLocker).What's covered
list_agents,isolate_agent,deisolate_agent,scan_agent;list_threats,mitigate_threat,set_threat_verdict,set_threat_incident,add_threat_note;blocklist_hash;list_activities,list_sites,list_accounts,list_groups.api_callpassthrough for any endpoint not covered by a typed action.*_idsor afilter, so a fleet-wide action can't fire by accident), cursor pagination semantics, and theAuthorization: ApiTokenauth model withhive://secret references.Field tables are generated from the extension's
requestSchemas()/configSchema()inextension.go.Wiring
ext-sentinelonereadme.io redirect for the legacy slug.Draft — markdownlint-cli2 passes clean. Opened as draft for review before publish.
🤖 Generated with Claude Code