Alert management can be performed automatically through a SentinelOne XDR Webhook with Prelude’s API.
Get your webhook authentication material from Prelude; this can be done via the Detect UI or the Prelude CLI. Save the generate-webhook output for use in the following steps. To generate the webhook:
Prelude CLI:
prelude partner generate-webhook SENTINELONE
Detect UI: Navigate to the upper right corner and click on your username. Next, select "Integrations" and click "Settings" next to SentinelOne.
Go to the SentinelOne Singularity Marketplace and search for Webhook:
Click “Configure” and paste in your:
- API - (from step 1) - https://api.us1.preludesecurity.com/partner/suppress/4/**account_number**
- Secret - (from step 1) -
- Description - sentinelone-webhook-auth
- Headers:
```Text JSON
{ "Accept": "application/json", "Content-Type": "application/json", "Token": "${Var1}" }
```
- Custom Body Message:
```Text JSON
{"incidentStatus":"${activity.threatInfo.incidentStatus}", "threatId":"${activity.threatInfo.threatId}", "sha1":"${activity.threatInfo.sha1}", "threatName":"${activity.threatInfo.threatName}", "originatorProcess":"${activity.threatInfo.originatorProcess}"}
```
- Click Save and set your Scope of Access to the Account & Site ID for which you’ve enabled your Prelude Partner integration.
- Install to your specified site.
- Done!
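An offline pre-flight check for the Headers and Custom Body Message values above, added here as an example (not Prelude's or SentinelOne's code): it fills the `${...}` placeholders with constructed sample values and confirms that both results parse as JSON with no unresolved or empty fields. The `render` and `preflight` helpers, the sample values, and the JSON-escaping of substituted values are assumptions.

```python
import json
import re

# Templates copied from the webhook configuration on this page.
HEADERS_TEMPLATE = '{ "Accept": "application/json", "Content-Type": "application/json", "Token": "${Var1}" }'
BODY_TEMPLATE = ('{"incidentStatus":"${activity.threatInfo.incidentStatus}", '
                 '"threatId":"${activity.threatInfo.threatId}", '
                 '"sha1":"${activity.threatInfo.sha1}", '
                 '"threatName":"${activity.threatInfo.threatName}", '
                 '"originatorProcess":"${activity.threatInfo.originatorProcess}"}')
# Constructed sample values (not real alert data or a real secret).
SAMPLE = {
    "Var1": "CONSTRUCTED-SECRET",
    "activity.threatInfo.incidentStatus": "unresolved",
    "activity.threatInfo.threatId": "1234567890",
    "activity.threatInfo.sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "activity.threatInfo.threatName": 'sample "quoted" name.exe',
    "activity.threatInfo.originatorProcess": "explorer.exe",
}
PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")

def render(template, values):
    """Substitute ${name} placeholders; return (text, unresolved names)."""
    missing = []
    def sub(match):
        name = match.group(1)
        if name not in values:
            missing.append(name)
            return match.group(0)
        # Assumption: values are inserted as JSON-escaped string contents.
        return json.dumps(str(values[name]))[1:-1]
    return PLACEHOLDER.sub(sub, template), missing

def preflight(headers_tpl, body_tpl, values):
    """Return a list of problems found in the rendered headers and body."""
    problems = []
    for label, tpl in (("headers", headers_tpl), ("body", body_tpl)):
        text, missing = render(tpl, values)
        problems += [f"{label}: unresolved placeholder ${{{n}}}" for n in missing]
        try:
            doc = json.loads(text)
        except json.JSONDecodeError as exc:
            problems.append(f"{label}: not valid JSON ({exc.msg})")
            continue
        problems += [f"{label}: empty value for {k}" for k, v in doc.items() if v == ""]
        if label == "body" and not re.fullmatch(r"[0-9a-fA-F]{40}", doc.get("sha1", "")):
            problems.append("body: sha1 is not 40 hex characters")
    return problems
```

Run `preflight(HEADERS_TEMPLATE, BODY_TEMPLATE, SAMPLE)` after editing either template; an empty list means both still render to well-formed JSON.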