SentinelOneHelper

Description

PowerShell module for interacting with the SentinelOne API.

GitLab Repository

Features

  • Connect to SentinelOne using API tokens or temporary tokens.
  • Manage agents, groups, policies, exclusions, and more.
  • Retrieve and update SentinelOne configuration and status.
  • Perform actions on agents such as scans, updates, and log retrieval.
  • Fetch and manage SentinelOne packages and sites.

Functions

Connection

  • Set-S1ModuleConfiguration: Configure the SentinelOne module for connecting to the management console.
  • Get-S1Token: Retrieve a temporary API token for SentinelOne authentication.

Agents

  • Get-S1Agent: Retrieve information about SentinelOne agents.
  • Invoke-S1AgentAction: Perform actions on SentinelOne agents (e.g., scan, update, move).
  • Move-S1Agent: Move agents to a specified group.

Groups

  • Get-S1Group: Retrieve information about SentinelOne groups.
  • New-S1Group: Create a new group in SentinelOne.
  • Remove-S1Group: Delete a group from SentinelOne.

Policies

  • Get-S1Policy: Retrieve policy settings in SentinelOne.
  • Set-S1Policy: Modify policy settings in SentinelOne.

Exclusions

  • Get-S1Exclusion: Retrieve exclusions from SentinelOne.
  • New-S1Exclusion: Create a new exclusion in SentinelOne.
  • Remove-S1Exclusion: Remove exclusions from SentinelOne.

Packages

  • Get-S1Package: Retrieve a list of deployable packages from SentinelOne.

Sites

  • Get-S1Site: Retrieve information about SentinelOne sites.

Incidents

  • Set-S1IncidentStatus: Update the incident status for threats in SentinelOne.

Configuration

  • Set-S1ModuleConfiguration: Set configuration values for connecting to the SentinelOne console.
  • Remove-S1ModuleConfiguration: Remove persisted configuration for the SentinelOne module.

Fetch and Logs

  • Invoke-S1FetchFile: Fetch files from agents and retrieve them as password-protected zip files.
  • New-S1CorruptedDBCollection: Collect logs from agents with problematic states.

Private Functions

  • Invoke-S1Query: Handles the request/response aspect of interacting with the SentinelOne API.

Roadmap

  • Add more functions for advanced threat management.
  • Expand support for managing SentinelOne filters and upgrade policies.
  • Enhance logging and error handling for all functions.

Changelog

  • 01/01/2022: Initial release of the SentinelOneHelper module.
  • 01/04/2025: Added documentation and enhanced functionality for managing agents, groups, and policies.