Link Search Menu Expand Document

SentinelOne_Invalid_Token

ID: 100270

Description:

A SentinelOne API token has expired / is invalid

Repository: Group: SentinelOne Type: event

Default Status:

Enabled

Tags:
SentinelOne
 

Selector:

Query:

Filters:

Field MUST hit
@source sentinelone
@sentinelone.agent null
Field MUST NOT hit
   

Behavior Rule:

Key Type Behavior Category
@source asset application activity

Risks:

Risks Base Score Dimension
ALERT_POLICY 200 alert

Attributes:

Alias Key
EventType @sentinelone.type

Correlation Rules:

History:

User Date
em*n@fluencysecurity.com 2021 Jun 25 00:11:52 EDT
em*n@fluencysecurity.com 2021 Jun 25 15:51:42 EDT
ho*d@fluencysecurity.com 2021 Jun 28 08:29:13 EDT
ho*d@fluencysecurity.com 2021 Jun 28 08:32:50 EDT

This page was automatically created/formatted on Tue, 2021 Oct 19 00:29:17 EDT, from rule_dump.json (db47c470500ce8686ead334f5eda0596)