EDR Integrations

Supported Fields

Leen Model	SentinelOne EDR¹	CrowdStrike EDR	Microsoft Defender
`vendor_id`	✅	✅	✅
`title`	✅	✅	✅
`description`		✅	✅
`assigned_user`		✅	✅
`severity`	✅	✅	✅
`vendor_severity`	✅	✅	✅
`status`	✅	✅	✅
`vendor_status`	✅	✅	✅
`first_event_time`	✅	✅	✅
`last_event_time`	✅	✅	✅
`resolved_time`		✅	✅
`pid`	✅	✅	✅
`process_created_at`			✅
`process_filename`		✅	✅
`process_command_line`	✅	✅	✅
`process_sha1`	✅		✅
`process_sha256`	✅	✅	✅
`process_md5`	✅	✅
`parent_pid`	✅	✅	✅
`user_name`	✅	✅	✅
`windows_sid`			✅
`active_directory_username`	✅		✅
`active_directory_domain`	✅		✅

`tactic_name`	✅	✅
`tactic_id`		✅
`tactic_source`	✅

`technique_name`	✅	✅
`technique_id`		✅
`technique_link`	✅

For any additional information about our field mappings or integrations please contact us.

^[1] _{SentinelOne provides limited alert information if the alert is not of type Dynamic}

On this page

Leen Model	SentinelOne EDR¹	CrowdStrike EDR	Microsoft Defender
`vendor_id`	✅	✅	✅
`title`	✅	✅	✅
`description`		✅	✅
`assigned_user`		✅	✅
`severity`	✅	✅	✅
`vendor_severity`	✅	✅	✅
`status`	✅	✅	✅
`vendor_status`	✅	✅	✅
`first_event_time`	✅	✅	✅
`last_event_time`	✅	✅	✅
`resolved_time`		✅	✅
`pid`	✅	✅	✅
`process_created_at`			✅
`process_filename`		✅	✅
`process_command_line`	✅	✅	✅
`process_sha1`	✅		✅
`process_sha256`	✅	✅	✅
`process_md5`	✅	✅
`parent_pid`	✅	✅	✅
`user_name`	✅	✅	✅
`windows_sid`			✅
`active_directory_username`	✅		✅
`active_directory_domain`	✅		✅

`tactic_name`	✅	✅
`tactic_id`		✅
`tactic_source`	✅

`technique_name`	✅	✅
`technique_id`		✅
`technique_link`	✅

For any additional information about our field mappings or integrations please contact us.

^[1] _{SentinelOne provides limited alert information if the alert is not of type Dynamic}

On this page