SentinelOne DeepVisibility

Cortex XSIAM 3.x Documentation

Product
Cortex XSIAM
Creation date
2025-07-15
Last date published
2026-06-11
Category
Administrator Guide
Abstract

Learn more about the SentinelOne DeepVisibility Collector and content pack integrations in Cortex XSIAM.

You can collect raw EDR event data from SentinelOne DeepVisibility into Cortex XSIAM in one of two ways: with a Standard Collector or with a content pack integration. The table below summarizes both options for this vendor:

SentinelOne DeepVisibility vendor

Standard Collector overview

Forward raw EDR event data from SentinelOne DeepVisibility to Cortex XSIAM. SentinelOne Cloud Funnel streams the events to an Amazon S3 bucket, and Cortex XSIAM collects them from that bucket using the SentinelOne - Deep Visibility data source.

Link to Standard Collector instructions

Ingest raw EDR events from SentinelOne DeepVisibility

Links to content pack/integration instructions

The SentinelOne content pack provides capabilities for endpoint protection, allowing users to receive alerts, manage protection policies, search processes, and execute remediation actions on endpoints. The SentinelOne pack contains classifiers, issue fields, issue types, layouts, modeling rules, and playbooks. It also includes the following integrations:

  • SentinelOne Activity and Alerts: Use this integration to fetch activities, threats, and issues from SentinelOne using the sentinelone-get-events command.

  • SentinelOne v2 (Partner Contribution): Use this integration to send requests to your management server and get responses with data pulled from agents or from the management database. It includes commands to connect, disconnect, shut down, and uninstall agents as well as get agent, threat, and site information.
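The Standard Collector path above is a pull pipeline (Cloud Funnel writes to S3, Cortex XSIAM reads from S3), and a break anywhere in it shows up as silence rather than an error, so it is worth checking that the objects landing in the bucket actually carry current events. The following is an added example written for this page; it is not Cortex XSIAM, SentinelOne or content pack code. It assumes that Cloud Funnel delivers gzipped newline-delimited JSON objects and that each event carries its timestamp in a field named event.time as epoch milliseconds; the field name, the threshold, the sample events and the fixed clock are all assumptions chosen for the example, so adjust them to your Cloud Funnel schema. The check also goes slightly beyond the page by counting unparseable lines, which is the usual sign of a truncated or corrupted object.

```python
"""
Freshness and integrity check for one SentinelOne Cloud Funnel object in S3.

Added example, not part of the Cortex XSIAM or SentinelOne documentation.
Assumptions (not confirmed by the page): objects are gzipped NDJSON, and each
event stores its time in "event.time" as epoch milliseconds.
"""
import gzip
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

TS_FIELD = "event.time"                 # assumed timestamp field (epoch ms)
MAX_LAG = timedelta(minutes=30)          # assumed tolerance before the feed counts as stale
# Fixed clock so the constructed sample below is reproducible.
NOW = datetime(2025, 7, 15, 12, 0, tzinfo=timezone.utc)


@dataclass
class FunnelSummary:
    events: int                          # well-formed JSON events in the object
    malformed: int                       # lines that failed to parse as JSON
    newest: Optional[datetime]           # timestamp of the most recent event
    lag_seconds: Optional[float]         # age of the newest event relative to "now"
    fresh: bool                          # True only if at least one event is within MAX_LAG


def parse_funnel_object(blob: bytes) -> Tuple[List[dict], int]:
    """Gunzip an S3 object body and parse it as NDJSON, counting bad lines."""
    events, malformed = [], 0
    for raw in gzip.decompress(blob).splitlines():
        if not raw.strip():
            continue
        try:
            events.append(json.loads(raw))
        except json.JSONDecodeError:
            malformed += 1
    return events, malformed


def summarize(blob: bytes, now: datetime, max_lag: timedelta = MAX_LAG) -> FunnelSummary:
    """Report how many events the object holds and whether the newest one is current."""
    events, malformed = parse_funnel_object(blob)
    stamps = [
        datetime.fromtimestamp(e[TS_FIELD] / 1000, tz=timezone.utc)
        for e in events
        if isinstance(e.get(TS_FIELD), (int, float))
    ]
    newest = max(stamps) if stamps else None
    lag = (now - newest).total_seconds() if newest else None
    # No timestamped events, or a newest event older than the tolerance, means the
    # Cloud Funnel -> S3 -> Cortex XSIAM path is not delivering current telemetry.
    fresh = lag is not None and lag <= max_lag.total_seconds()
    return FunnelSummary(len(events), malformed, newest, lag, fresh)


def build_sample(newest_age_min: int, event_count: int = 2) -> bytes:
    """Constructed sample object: events spaced 3 minutes apart, plus one garbage line."""
    lines = []
    for i in range(event_count):
        age = newest_age_min + 3 * (event_count - 1 - i)   # oldest first, newest last
        ts = int((NOW - timedelta(minutes=age)).timestamp() * 1000)
        # Field names other than TS_FIELD are illustrative only.
        lines.append(json.dumps({TS_FIELD: ts, "event.type": "Process Creation",
                                 "src.process.name": "powershell.exe"}))
    lines.append("{not json")                              # simulates a truncated record
    return gzip.compress("\n".join(lines).encode())


def check_sample(newest_age_min: int, event_count: int = 2) -> FunnelSummary:
    """Run the check against a constructed object whose newest event is newest_age_min old."""
    return summarize(build_sample(newest_age_min, event_count), NOW)


if __name__ == "__main__":
    for age in (2, 120):
        s = check_sample(age)
        print(f"newest {age} min old: events={s.events} malformed={s.malformed} "
              f"lag={s.lag_seconds}s fresh={s.fresh}")
```

In production the bytes passed to summarize() would come from an S3 GetObject on the newest key under the Cloud Funnel prefix, run on a schedule; the example keeps the object in memory so it runs offline. A fresh=False result, or a malformed count that is not zero, is the signal to check the Cloud Funnel configuration and the bucket permissions of the Cortex XSIAM data source before trusting any detection that depends on this telemetry.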