
SentinelOne Singularity Endpoint integration

You can integrate SentinelOne Singularity Endpoint with Sophos Central so that it sends data to Sophos.

This page gives you an overview of the integration.

SentinelOne Singularity Endpoint product overview

SentinelOne Singularity is an AI-driven endpoint security solution designed to autonomously defend against a wide spectrum of attacks. By unifying endpoint protection, detection, response, and remediation, it offers a holistic view of the threat landscape and immediate action capabilities.

Sophos documents

Integrate SentinelOne Singularity Endpoint

What we ingest

Sample alerts seen by Sophos:

  • Ransomware
  • Malware
  • Trojan
  • miner
  • Exploit
  • Adware
  • Hacktool
  • Rootkit
  • Virus
  • Generic.Heuristic
  • Phishing
  • Spyware
  • Worm
  • Packed

Filtering

We filter messages as follows:

  • We ALLOW only messages in the correct format.
  • We DENY messages that aren't in the correct format, but we don't DROP the data.

Sample threat mappings

Alert type is defined by the field threatInfo.classification.

Sample mappings:

{"Hacktool", "threatId": "TA0003", "threatName": "Persistence"}
{"Virus", "threatId": "TA0002", "threatName": "Execution"}
{"Spyware", "threatId": "T1033", "threatName": "System Owner/User Discovery"}

Vendor documentation

SentinelOne documentation