SentinelOne expands Singularity Marketplace with new integrations for SIEM, SOAR, and malware analysis
June 2022 by Marc Jacob
SentinelOne has announced integrations with IBM, Swimlane, and Intezer, increasing use case offerings available via SentinelOne’s Singularity Marketplace. The new integrations cover security information and event management (SIEM), security orchestration, automation and response (SOAR), and malware analysis.
Streamlined Detection and Response Workflows with IBM
With a seamless API integration between SentinelOne Singularity XDR and IBM Security® QRadar® SIEM and SOAR, the integration consolidates visibility across SentinelOne managed endpoints, cloud workloads, identities, and additional SOC tools, incorporating SentinelOne context for automated detection and response. SentinelOne filters its context-rich detections through IBM’s QRadar SIEM for correlation, triage, and investigation.
If an alert is deemed actionable in QRadar SIEM, the incident is escalated to QRadar SOAR where security analysts can begin incident remediation and response. The joint solution allows IBM customers to maximise SOC operations through unified investigations, enhanced visibility, and intelligent automation across incident response workflows.
Multiply SecOps Workforce with Swimlane’s Robust Low-Code Automation
The SentinelOne integration with Swimlane increases visibility and triage accuracy, reduces alert fatigue, and accelerates mean-time-to-respond. It leverages SentinelOne Singularity XDR APIs in order for Swimlane to trigger low-code automation playbooks, case management processes, and populate modular dashboards or reports. Swimlane combines SentinelOne’s telemetry sources with human data into a single system of record. This joint solution provides centralised case management, automated incident enrichment, and alert remediation.
Accelerate Alert Triage and Automate Malware Analysis with Intezer
SentinelOne and Intezer combine to automatically triage incidents and provide advanced malware analysis verdicts, lessening the load on busy security teams. When SentinelOne detects a malicious activity, customers now have the option to automatically share alert data with Intezer for deep analysis. Intezer’s analysis is returned to SentinelOne for consolidated visibility and mitigation.
All integrations are available via SentinelOne’s Singularity Marketplace.