You are viewing docs on Elastic's new documentation system, currently in technical preview. For all other Elastic docs, visit

Third-party response actions

Perform response actions on hosts protected by third-party endpoint security systems.

SentinelOne response actions

You can direct SentinelOne to perform response actions on protected hosts without leaving the Elastic Security UI. Prior configuration is required to connect Elastic Security with SentinelOne.

The following response actions and related features are supported for SentinelOne-protected hosts:

  • Isolate and release a host using any of these methods:

    • From a detection alert
    • From the response console

    Refer to the instructions on isolating and releasing hosts for more details.

  • View past response action activity in the response actions history log.

On this page