SentinelOne Singularity Integration

SentinelOne Singularity is an Extended Detection and Response (XDR) and Endpoint Detection and Response (EDR) offering. In Cisco XDR, we enable Singularity users to include their Singularity detections in Cisco XDR Incident analytics and detection. Additionally, the integration can be used for threat hunting and investigation features, as well as for rapid response actions to understand and defend against threats on the endpoint. The integration also provides important device inventory context to help triage detected threats.

Use the SentinelOne Singularity integration to search for security detections involving specific hostnames, host GUIDs, filenames, paths, hashes, process names, and process arguments. Through Cisco XDR, SentinelOne Singularity can also be used to isolate hosts from the network and block file hashes on the endpoint, and to provide host information, including vulnerability information, for use in triaging incidents and detections.

Cisco XDR incorporates SentinelOne Singularity detections into Cisco XDR's overall incident detection and correlation capabilities, as shown below: