This playbook automates the extraction of data from SentinelOne. Using multiple REST API calls, it periodically retrieves information such as which agents are active and which software is installed on which endpoints.
Credentials
sys_ansible_aapwin
sys_ps_S1_retrieveAg
sys_powerbi_sd
sys_BI_PR_BronB_DigW
Input
Variable        Description
softwarelist    Determines for which software we will retrieve the endpoints it is installed on
Output
Variable        Description
Excel file      Full list of all S1 client agents
Excel file      List of all endpoints that have predefined software installed
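
An added example (not the playbook's own code) of the processing described above: following cursor pagination across several REST responses, then mapping each softwarelist entry to the endpoints that have it installed. The response shape (data, pagination.nextCursor), the field names name and agentComputerName, the case-insensitive substring matching and the sample records are assumptions constructed for illustration.

```python
def collect_pages(fetch_page):
    """Follow cursor pagination until the API stops returning a cursor."""
    cursor, records, seen = None, [], set()
    while True:
        page = fetch_page(cursor)
        records.extend(page.get("data", []))
        cursor = (page.get("pagination") or {}).get("nextCursor")
        if not cursor:
            return records
        if cursor in seen:  # a repeating cursor would otherwise loop forever
            raise RuntimeError("pagination cursor repeated")
        seen.add(cursor)


def endpoints_by_software(records, softwarelist):
    """Map each softwarelist entry to the sorted endpoints that have it installed."""
    wanted = {name.casefold(): name for name in softwarelist}
    # Pre-seed every entry so software with zero installs still shows in the report.
    result = {name: set() for name in softwarelist}
    for rec in records:
        app = str(rec.get("name", "")).casefold()
        host = rec.get("agentComputerName")
        if not host:  # skip records that cannot be tied to an endpoint
            continue
        for key, original in wanted.items():
            if key in app:  # assumed matching rule: case-insensitive substring
                result[original].add(host)
    return {name: sorted(hosts) for name, hosts in result.items()}


# Constructed sample pages standing in for the REST responses (not real data).
SAMPLE_PAGES = {
    None: {"data": [{"name": "7-Zip 19.00 (x64)", "agentComputerName": "WS-001"},
                    {"name": "Google Chrome", "agentComputerName": "WS-001"}],
           "pagination": {"nextCursor": "c1"}},
    "c1": {"data": [{"name": "7-zip 22.01", "agentComputerName": "WS-002"},
                    {"name": "Notepad++", "agentComputerName": None}],
           "pagination": {"nextCursor": None}},
}


def fake_fetch(cursor):
    """Hypothetical stand-in for one authenticated API call."""
    return SAMPLE_PAGES[cursor]


def demo():
    records = collect_pages(fake_fetch)
    return endpoints_by_software(records, ["7-Zip", "Notepad++", "PuTTY"])


if __name__ == "__main__":
    print(demo())
```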