Mitigate Threats
Description

Apply a specified mitigation action to identified threats in SentinelOne using 'action' and 'filter' parameters.

Endpoint

URL: /web/api/v2.1/threats/mitigate/{{action}}
Method: POST

Inputs

- path_parameters (object) – required
  - action (string) – required
- json_body (object) – required
  - filter (object) – required
    - k8sPodLabels__contains (array)
    - updatedAt__gte (string)
    - awsSubnetIds__contains (array)
    - agentMachineTypes (array)
    - cloudAccount__contains (array)
    - agentVersions (array)
    - siteIds (array)
    - classificationSourcesNin (array)
    - storylines (array)
    - detectionAgentVersion__contains (array)
    - createdAt__lt (string)
    - resolved (boolean)
    - mitigatedPreemptively (boolean)
    - detectionEngines (array)
    - threatDetails__contains (array)
    - storyline__contains (array)
    - agentVersionsNin (array)
    - originatedProcess__contains (array)
    - tenant (boolean)
    - cloudProvider (array)
    - pendingActions (boolean)
    - agentIds (array)
    - detectionAgentDomain__contains (array)
    - incidentStatusesNin (array)
    - updatedAt__gt (string)
    - gcpServiceAccount__contains (array)
    - k8sNodeName__contains (array)
    - classifications (array)
    - ids (array)
    - classificationsNin (array)
    - confidenceLevels (array)
    - classificationSources (array)
    - osArchs (array)
    - limit (number)
    - k8sClusterName__contains (array)
    - publisherName__contains (array)
    - k8sControllerLabels__contains (array)
    - externalTicketId__contains (array)
    - cloudInstanceSize__contains (array)
    - cloudInstanceId__contains (array)
    - k8sNamespaceLabels__contains (array)
    - noteExists (boolean)
    - k8sNodeLabels__contains (array)
    - uuid__contains (array)
    - updatedAt__lt (string)
    - osNames (array)
    - azureResourceGroup__contains (array)
    - confidenceLevelsNin (array)
    - createdAt__gt (string)
    - enginesNin (array)
    - groupIds (array)
    - collectionIds (array)
    - k8sPodName__contains (array)
    - accountIds (array)
    - analystVerdicts (array)
    - k8sControllerName__contains (array)
    - cloudProviderNin (array)
    - mitigationStatusesNin (array)
    - osTypes (array)
    - detectionEnginesNin (array)
    - initiatedByNin (array)
    - k8sNamespaceName__contains (array)
    - cloudImage__contains (array)
    - query (string)
    - containerImageName__contains (array)
    - osTypesNin (array)
    - contentHash__contains (array)
    - agentMachineTypesNin (array)
    - rebootRequired (boolean)
    - commandLineArguments__contains (array)
    - realtimeAgentVersion__contains (array)
    - createdAt__lte (string)
    - initiatedByUsername__contains (array)
    - failedActions (boolean)
    - containerLabels__contains (array)
    - cloudLocation__contains (array)
    - mitigationStatuses (array)
    - createdAt__gte (string)
    - awsSecurityGroups__contains (array)
    - agentIsActive (boolean)
    - engines (array)
    - awsRole__contains (array)
    - updatedAt__lte (string)
    - containerName__contains (array)
    - cloudNetwork__contains (array)
    - displayName (string)
    - filePath__contains (array)
    - osNamesNin (array)
    - analystVerdictsNin (array)
    - incidentStatuses (array)
    - countsFor (string)
    - externalTicketIds (array)
    - contentHashes (array)
    - initiatedBy (array)
    - computerName__contains (array)
    - externalTicketExists (boolean)
  - data (object)

Output example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Server": "nginx",
      "Date": "Mon, 11 Sep 2023 08:58:22 GMT",
      "Content-Type": "application/json",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "X-RQID": "ca215f22-b23f-4683-a984-d5283635fed4",
      "Access-Control-Allow-Origin": "https //usea1 identity sentinelone net",
      "Access-Control-Allow-Credentials": "true",
      "Vary": "Origin",
      "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
      "X-Frame-Options": "SAMEORIGIN",
      "X-Content-Type-Options": "nosniff",
      "Content-Security-Policy": "default src 'self' ; connect src 'self' sentinelone net cdn pendo io app pendo io pendo io data pendo io scalyr com storage googleapis com sentry io sentry io google analytics com gstatic com unpkg com cdn auth0 com wss // sentinelone net https //www googletagmanager com https //cdnjs cloudflare com data ; script src 'self' 'unsafe inline' 'unsafe eval' cdn pendo io app pendo io pendo io static storage googleapis com cdn pendo io storage googleapis com data pendo io https //www google analytics com https //www googletagmanager com https //unpkg com https //cdnjs cloudflare com ; img src 'self' data https //www google analytics com cdn pendo io app pendo io sentinelone com storage googleapis com data pendo io ; style src 'self' 'unsafe inline' app pendo io cdn pendo io storage googleapis com https //cdnjs cloudflare com ; font src 'self' data https //cdn auth0 com ; frame src 'self' blob https //receptive io https // pendo io https //pendo io extensions storage googleapis com/ https // youtube com ; frame ancestors 'self' app pendo io ; object src 'none'",
      "Cache-Control": "no-store",
      "Pragma": "no-cache",
      "Expires": "-1",
      "Content-Encoding": "gzip"
    },
    "reason": "OK",
    "json_body": {
      "data": {
        "affected": 0
      }
    }
  }
]
```

Output parameters

- status_code (number)
- reason (string)
- json_body (object)
  - data (object)
    - affected (number)

Response headers

| Header | Type |
| --- | --- |
| Server | string |
| Date | string |
| Content-Type | string |
| Transfer-Encoding | string |
| Connection | string |
| X-RQID | string |
| Access-Control-Allow-Origin | string |
| Access-Control-Allow-Credentials | string |
| Vary | string |
| Strict-Transport-Security | string |
| X-Frame-Options | string |
| X-Content-Type-Options | string |
| Content-Security-Policy | string |
| Cache-Control | string |
| Pragma | string |
| Expires | string |
| Content-Encoding | string |
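Added example, not part of the connector documentation or of SentinelOne's code: a guard that builds the POST for this endpoint only when the filter names explicit threat ids, then compares the returned `affected` count with what was intended. The console host, the `ApiToken` authorization scheme, the action name `quarantine`, the underscore spelling of the output keys and the scoping policy are assumptions of this example.

```python
import json
from urllib.parse import quote
from urllib.request import Request

# Assumptions (not from the page): console host, "ApiToken" auth scheme,
# the action name "quarantine", and the scoping policy below.
BASE_URL = "https://console.example.invalid"
ALLOWED_ACTIONS = {"quarantine"}
MAX_IDS = 25  # cap on threats touched by one call


def build_mitigation_request(action, threat_filter, api_token):
    """Return an unsent POST for /threats/mitigate/{action}; raise on a risky filter."""
    if action not in ALLOWED_ACTIONS:
        raise ValueError(f"action {action!r} is not on the approved list")
    if not isinstance(threat_filter, dict):
        raise ValueError("filter must be an object")
    ids = threat_filter.get("ids")
    if not isinstance(ids, list) or not ids:
        raise ValueError("filter must name explicit threat ids")
    if len(ids) > MAX_IDS or not all(isinstance(i, str) and i for i in ids):
        raise ValueError("ids must be 1..%d non-empty strings" % MAX_IDS)
    if threat_filter.get("tenant"):
        raise ValueError("tenant-wide filters are refused")
    url = f"{BASE_URL}/web/api/v2.1/threats/mitigate/{quote(action, safe='')}"
    body = json.dumps({"filter": threat_filter}).encode("utf-8")
    headers = {"Authorization": f"ApiToken {api_token}",
               "Content-Type": "application/json"}
    return Request(url, data=body, headers=headers, method="POST")


def check_affected(result, expected):
    """Compare data.affected in the action output with the number of ids sent."""
    if result.get("status_code") != 200:
        return f"failed: HTTP {result.get('status_code')} {result.get('reason')}"
    affected = result.get("json_body", {}).get("data", {}).get("affected")
    if affected != expected:
        return f"mismatch: expected {expected}, affected {affected}"
    return "ok"


if __name__ == "__main__":
    # Constructed sample: two made-up threat ids and a response shaped like the page's example.
    req = build_mitigation_request("quarantine", {"ids": ["1001", "1002"]}, "TOKEN")
    print(req.get_method(), req.full_url, req.data.decode())
    sample = {"status_code": 200, "reason": "OK", "json_body": {"data": {"affected": 0}}}
    print(check_affected(sample, expected=2))
```

An `affected` value of 0 with a 200 status, as in the page's output example, means the call succeeded but matched no threats, which is worth surfacing in a playbook rather than treating as success.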