sentinelone-agents
Enumerate agents in the SentinelOne service.
sentinelone-agents [profile=PROFILE]
- profile=PROFILE
- Connect profile code of SentinelOne
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| profile | String | Connect profile | SentinelOne connect profile code |
| agent_id | String | Agent ID | e.g. 2111111111111111111 |
| hostname | String | Hostname | e.g. DESKTOP-AAAAAAA |
| nt_domain | String | NT domain | e.g. WORKGROUP |
| ad_user | String | Active Directory user principal name | |
| ad_hostname | String | Active Directory computer DN | |
| ad_last_user | String | Active Directory last user DN | |
| last_ip | IP | Last IP address | |
| external_ip | IP | External IP address | |
| os_username | String | OS user name | e.g. root |
| group_name | String | Group name | e.g. Windows PC |
| group_ip | String | Group IP address | e.g. 172.20.200.x |
| is_infected | String | Is infected | e.g. true, false |
| show_alert_icon | Boolean | Show alert icon | e.g. true, false |
| apps_vulnerability_status | String | Apps vulnerability status | e.g. up_to_date, not_applicable, patch_required |
| active_threat_count | Integer | Active threat count | |
| is_active | Boolean | Is active | e.g. true, false |
| last_active_time | Date | Last active time | |
| last_user_name | String | Last user name | |
| last_successful_scan_time | Date | Last successful scan time | |
| last_full_scan_time | Date | Last full scan time | |
| first_full_mode_time | Date | First full mode time | |
| scan_status | String | Scan status | e.g. started, finished |
| scan_start_time | Date | Scan start time | |
| scan_abort_time | Date | Scan abort time | |
| scan_finish_time | Date | Scan finish time | |
| network_status | String | Network status | e.g. connected |
| detection_state | String | Detection state | |
| console_migration_status | String | Console migration status | |
| ranger_status | String | Ranger status | e.g. Enabled, Disabled, NotApplicable |
| ranger_version | String | Ranger version | e.g. 23.4.1.1 |
| machine_type | String | Machine type | e.g. laptop, desktop, server |
| model_name | String | Model name | e.g. VMware, Inc. VMware Virtual Platform |
| serial_number | String | Serial number | |
| os_type | String | OS type | e.g. linux, macos, windows |
| os_name | String | OS name | e.g. Windows 10 Pro |
| os_arch | String | OS architecture | e.g. 64 bit |
| os_rev | String | OS revision | e.g. 19045 |
| os_boot_time | Date | OS boot time | |
| cpu_id | String | CPU ID | e.g. AMD Ryzen 7 PRO 5850U with Radeon Graphics |
| cpu_count | Integer | CPU socket count | e.g. 1 |
| core_count | Integer | CPU core count | e.g. 8 |
| total_memory | Integer | Total memory | e.g. 15182 |
| agent_ver | String | Agent version | e.g. 23.4.4.223 |
| license_key | String | License key | |
| operational_state | String | Operational state | e.g. na, disabled_error |
| operational_state_expiration | String | Operational state expiration | |
| remote_profiling_state | String | Remote profiling state | e.g. disabled |
| remote_profiling_state_expiration | String | Remote profiling state expiration | |
| mitigation_mode | String | Mitigation mode | e.g. protect |
| mitigation_mode_suspicious | String | Mitigation mode suspicious | e.g. detect |
| is_latest_ver | Boolean | Is latest version | e.g. true, false |
| is_decommissioned | Boolean | Is decommissioned | e.g. true, false |
| use_remote_shell | Boolean | Use remote shell | e.g. true, false |
| in_remote_shell | Boolean | In remote shell | e.g. true, false |
| is_network_quarantine_enabled | Boolean | Is network quarantine enabled | e.g. true, false |
| is_firewall_enabled | Boolean | Is firewall enabled | e.g. true, false |
| is_threat_reboot_required | Boolean | Is threat reboot required | e.g. true, false |
| encrypted_applications | Boolean | Is encrypted applications | e.g. true, false |
| is_location_enabled | Boolean | Is location enabled | e.g. true, false |
| location_type | String | Location type | e.g. fallback |
| is_hyper_automate | Boolean | Is hyper automated | e.g. true, false |
| is_ad_connector | Boolean | Is AD connector | e.g. true, false |
| is_pending_uninstall | Boolean | Is pending uninstall | e.g. true, false |
| is_uninstalled | Boolean | Is uninstalled | e.g. true, false |
| installer_type | String | Installer type | e.g. .msi |
| account_id | String | Account ID | e.g. 1111111111111111111 |
| account_name | String | Account name | e.g. Logpresso |
| site_id | String | Site ID | |
| site_name | String | Site name | e.g. Default site |
| agent_uuid | String | Agent UUID | e.g. 5eeee111111111111111111111111111 |
| group_id | String | Group ID | e.g. 1155555115522222222 |
| has_cwpp | Boolean | Has CWPP | true or false |
| machine_sid | String | Machine SID | e.g. D11C1111-2222-4444-AAAA-22EE5577DDDD |
| storage_type | String | Storage type | |
| storage_name | String | Storage name | |
| external_id | String | External ID | |
| created | Date | Created | |
| updated | Date | Updated | |
| registered | Date | Registered | |
| nics | LIST | Network interfaces |