
ResourceName - sentinelOneAgent

Table of contents
  1. Resource Data
  2. Example
    1. FPL Code
    2. Table Results

The sentinelOneAgent resource loads …

Resource Data

An example of the data this resource includes:

"@dayIndex": "20220615-16",
  "@key": "2164006025d442009eaa4a4b9c5a875d",
  "@resource_type": "sentinelOneAgent",
  "@sentinelOneAgent": {
    "accountName": "Fluency Security - Reseller Account",
    "activeDirectory": {
      "computerDistinguishedName": null,
      "computerMemberOf": [],
      "lastUserDistinguishedName": null,
      "lastUserMemberOf": []
    },
    "activeThreats": 2,
    "agentVersion": "21.7.5.1080",
    "appsVulnerabilityStatus": "up_to_date",
    "computerName": "DEMO-WINSRV1",
    "customer": "Hermes",
    "domain": "WORKGROUP",
    "externalId": "",
    "externalIp": "3.143.113.98",
    "groupName": "Default Group",
    "id": "1398005533250464783",
    "infected": true,
    "isActive": true,
    "isDecommissioned": false,
    "isPendingUninstall": false,
    "isUninstalled": false,
    "isUpToDate": true,
    "lastActiveDate": "2022-06-15T16:10:10.374118Z",
    "lastIpToMgmt": "10.4.28.15",
    "lastLoggedInUserName": "",
    "machineType": "server",
    "mitigationMode": "protect",
    "mitigationModeSuspicious": "protect",
    "modelName": "Amazon EC2 - t3a.small",
    "networkStatus": "connected",
    "offSecond": 50,
    "osName": "Windows Server 2019 Datacenter",
    "osRevision": "17763",
    "osType": "windows",
    "osUsername": "",
    "pluginName": "",
    "scanFinishedAt": "2022-04-13T22:23:19.027251Z",
    "scanStartedAt": "2022-04-13T21:07:34.302651Z",
    "scanStatus": "finished",
    "siteId": "1386203946298668724",
    "siteName": "Fluency Demo",
    "threatRebootRequired": false,
    "translation": {
      "agentID": "2164006025d442009eaa4a4b9c5a875d",
      "asset": "DEMO-WINSRV1",
      "ip": "10.4.28.15",
      "source": "Hermes",
      "username": ""
    },
    "updatedAt": "2022-06-15T13:09:12.799005Z",
    "uuid": "2164006025d442009eaa4a4b9c5a875d"
  },
  "@source": "sentinelOne",
  "@timestamp": 1655309460629,
  "@type": "resource"

Example

FPL Code

An example that reports the number of SentinelOne agents that are infected and the number that are patch-required:

// Summarises the sentinelOneAgent resource into three counts: all agents,
// agents flagged infected, and agents whose appsVulnerabilityStatus is
// "patch_required". The sample record above shows "up_to_date" for that field;
// the "patch_required" value is asserted by this query, not shown on this page.
function s1_infected()
    load resource sentinelOneAgent
    // agentID is destructured but not referenced by the aggregate below.
    let {agentID} = f("@sentinelOneAgent.translation")
    let {computerName,modelName,mitigationMode,infected,appsVulnerabilityStatus} = f("@sentinelOneAgent")
    // NOTE(review): count(infected) presumably counts records where infected is
    // true — confirm against FPL count() semantics for boolean arguments.
    aggregate total=count(),infected=count(infected),patchNeeded=count(appsVulnerabilityStatus=="patch_required")
end

// Lists, rather than counts, every agent record that is either flagged
// infected or has appsVulnerabilityStatus "patch_required" — the drill-down
// companion to s1_infected().
function s1_issues()
    load resource sentinelOneAgent
    // asset and username come from the translation sub-object; username is
    // empty in the sample record above, so it may be blank in the output.
    let {agentID,asset,username} = f("@sentinelOneAgent.translation")
    // mitigationMode is presumably carried into the output so a reader can see
    // whether the agent was in "protect" mode when the issue was observed.
    let {computerName, modelName, mitigationMode, infected, appsVulnerabilityStatus}=f("@sentinelOneAgent")
    // Keep only agents that need attention.
    where infected==true or appsVulnerabilityStatus=="patch_required"
end
 
// Two output streams: a single summary row of counts, and the individual
// agent rows that need attention.
stream infected_systems=s1_infected()
stream issues=s1_issues()

Table Results

Results of the above FPL code:

Page last updated: 2022 Oct 31