SentinelOne

Subscribe
Download 17
Last updated Jan 5, 2025

sentinelone-agents

Enumerate agents in the SentinelOne service.

sentinelone-agents [profile=PROFILE]
profile=PROFILE
Connect profile code of SentinelOne

Output Fields

FieldTypeNameDescription
profileStringConnect profileSentinelOne connect profile code
agent_idStringAgent IDe.g. 2111111111111111111
hostnameStringHostnamee.g. DESKTOP-AAAAAAA
nt_domainStringNT domaine.g. WORKGROUP
last_ipIP addressLast IP address
os_usernameStringOS user namee.g. root
group_nameStringGroup namee.g. Windows PC
group_ipStringGroup IP addresse.g. 172.20.200.x
is_infectedStringIs infectede.g. true, false
show_alert_iconBoolShow alert icone.g. true, false
apps_vulnerability_statusStringApps vulnerability statuse.g. up_to_date, not_applicable, patch_required
active_threat_countIntegerActive threat count
is_activeBoolIs activee.g. true, false
last_active_timeDateLast active time
last_user_nameStringLast user name
last_successful_scan_timeDateLast successful scan time
last_full_scan_timeDateLast full scan time
first_full_mode_timeDateFirst full mode time
scan_statusStringScan statuse.g. started, finished
scan_start_timeDateScan start time
scan_abort_timeDateScan abort time
scan_finish_timeDateScan finish time
network_statusStringNetwork statuse.g. connected
detection_stateStringDetection state
console_migration_statusStringConsole migration status
ranger_statusStringRanger statuse.g. Enabled, Disabled, NotApplicable
ranger_versionStringRanger versione.g. 23.4.1.1
machine_typeStringMachine typee.g. laptop, desktop, server
model_nameStringModel namee.g. VMware, Inc. VMware Virtual Platform
serial_numberStringSerial number
os_typeStringOS typee.g. linux, macos, windows
os_nameStringOS namee.g. Windows 10 Pro
os_archStringOS architecturee.g. 64 bit
os_revStringOS revisione.g. 19045
os_boot_timeDateOS boot time
cpu_idStringCPU IDe.g. AMD Ryzen 7 PRO 5850U with Radeon Graphics
cpu_countIntegerCPU socket counte.g. 1
core_countIntegerCPU core counte.g. 8
total_memoryIntegerTotal memorye.g. 15182
agent_verStringAgent versione.g. 23.4.4.223
license_keyStringLicense key
operational_stateStringOperational statee.g. na, disabled_error
operational_state_expirationStringOperational state expiration
remote_profiling_stateStringRemote profiling statee.g. disabled
remote_profiling_state_expirationStringRemote profiling state expiration
mitigation_modeStringMitigation modee.g. protect
mitigation_mode_suspiciousStringMitigation mode suspiciouse.g. detect
is_latest_verBoolIs latest versione.g. true, false
is_decommissionedBoolIs decommissionede.g. true, false
use_remote_shellBoolUse remote shelle.g. true, false
in_remote_shellBoolIn remote shelle.g. true, false
is_network_quarantine_enabledBoolIs network quarantine enablede.g. true, false
is_firewall_enabledBoolIs firewall enablede.g. true, false
is_threat_reboot_requiredBoolIs threat reboot requirede.g. true, false
encrypted_applicationsBoolIs encrypted applicationse.g. true, false
is_location_enabledBoolIs location enablede.g. true, false
location_typeStringLocation typee.g. fallback
is_hyper_automateBoolIs hyper automatede.g. true, false
is_ad_connectorBoolIs AD connectore.g. true, false
is_pending_uninstallBoolIs pending uninstalle.g. true, false
is_uninstalledBoolIs uninstallede.g. true, false
installer_typeStringInstaller typee.g. .msi
account_idStringAccount IDe.g. 1111111111111111111
account_nameStringAccount namee.g. Logpresso
site_idStringSite ID
site_nameStringSite namee.g. Default site
agent_uuidStringAgent UUIDe.g. 5eeee111111111111111111111111111
group_idStringGroup IDe.g. 1155555115522222222
has_cwppBoolHas CWPPtrue or false
machine_sidStringMachine SIDe.g. D11C1111-2222-4444-AAAA-22EE5577DDDD
storage_typeStringStorage type
storage_nameStringStorage name
external_idStringExternal ID
createdDateCreated
updatedDateUpdated
registeredDateRegistered
nicsListNetwork interfaces