SentinelOne_Invalid_Token
ID: 100270
Description:
A SentinelOne API token has expired / is invalid
Repository: Group: SentinelOne Type: event
Default Status:
Enabled
| Tags: |
|---|
| SentinelOne |
Selector:
Query:
Filters:
| Field | MUST hit |
|---|---|
| @source | sentinelone |
| @sentinelone.agent | null |
| Field | MUST NOT hit |
|---|---|
Behavior Rule:
| Key | Type | Behavior Category |
|---|---|---|
| @source | asset | application activity |
Risks:
| Risks | Base Score | Dimension |
|---|---|---|
| ALERT_POLICY | 200 | alert |
Attributes:
| Alias | Key |
|---|---|
| EventType | @sentinelone.type |
Correlation Rules:
History:
| User | Date |
|---|---|
| em*n@fluencysecurity.com | 2021 Jun 25 00:11:52 EDT |
| em*n@fluencysecurity.com | 2021 Jun 25 15:51:42 EDT |
| ho*d@fluencysecurity.com | 2021 Jun 28 08:29:13 EDT |
| ho*d@fluencysecurity.com | 2021 Jun 28 08:32:50 EDT |
This page was automatically created/formatted on Wed, 2022 May 4 21:43:53 EDT, from rule_dump.json (4d88bffdfb1cea26b3985f2193033606)