[sentinelone-incident-import] A connector that allows Incidents from a SentinelOne Account to be imported into an OpenCTI Instance #3510

Open
wants to merge 3 commits into
base: master

@maximus-debski maximus-debski commented Feb 27, 2025

Proposed changes

  • Initial Creation of the SentinelOne Incident External Import Connector

Related issues

  • NA

Checklist

  • I consider the submitted work as finished
  • I tested the code for its functionality using different use cases
  • I added/updated the relevant documentation (either on GitHub or on Notion)
  • Where necessary I refactored code to improve the overall quality

Further comments

NOTE: This connector's development occurred in the 'sentinelone-incidents' pull request. This is a fresh, new pull request that contains signed commits only. See #3270

@romain-filigran romain-filigran added this to the PRs backlog milestone Feb 27, 2025
@helene-nguyen helene-nguyen added the community use to identify PR from community label Feb 28, 2025

@Powlinett Powlinett left a comment

Thanks again for your contribution @maximus-debski 🙏
Unfortunately I can't check out your branch due to an invalid path error, as there's a trailing space in the connector's directory. Would you mind removing it and leveraging this change to remove "-import" and simply call the connector "sentinelone-incident"? 😇
Thanks!

version: '3'
services:
connector-sentinelone-incidents:
build: ./
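
Review bot: the top-level `version: '3'` on the first line of this compose file is obsolete under the Compose Specification; current Docker Compose ignores the key and prints a warning when it is present, so it can be dropped and the file can start at `services:`.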

@Powlinett Powlinett Mar 12, 2025

As discussed, please don't forget to update docker files according to the new connector's name.
Here the service's name should be sentinelone-incident and the build key should be replaced by image: opencti/sentinelone-incident:<version>.
