SenseOn Connect Zapier Integration

Overview

This integration allows you to connect SenseOn with thousands of apps on Zapier, enabling you to automate tasks and streamline your workflows.

Prerequisites

Before you begin, ensure you have the following:

  • A SenseOn Connect Personal Access Token (PAT)
  • The codename of your SenseOn platform
  • A Zapier account

Setting Up the Integration

Step 1: Sign Up for Zapier

If you don't already have a Zapier account, you can sign up here.

When using SenseOn triggers and actions, follow the prompts to authorise Zapier to access your SenseOn account by providing the platform code name and your PAT.

API Settings

You can generate a PAT by following the steps in SenseOn Connect.

Step 2: Create a Zap

  1. Click on the "Create Zap" button.
  2. Choose a trigger app.
  3. Select a trigger event.
  4. Follow the prompts to set up the trigger.
  5. Choose an action app and configure the action.
  6. Test your Zap and turn it on.

Available Triggers

  • New Case: Triggers when a new low, medium, high, or critical scoring case is detected.
  • Case Flagged: Triggers when a case is marked as flagged in the SenseOn platform.
  • New Case With Specific Criteria: Triggers when a new case that matches specified criteria is detected.

Available Actions

  • Cases: Returns details for, including a count of, cases raised in the specified number of days.
  • Observations: Returns details for, including a count of, observations raised in the specified number of days.
  • Case Details: Retrieves the details of a specific case by its ID.
  • Devices: Returns details for, including a count of, the endpoints seen in the specified number of days.
  • Update Case: Updates the status, state, and notes of a specific case by its ID in the SenseOn platform.
  • Push Endpoint Observation: Pushes a new endpoint observation to the SenseOn platform.
  • Push Network Observation: Pushes a new network observation to the SenseOn platform.
  • Create Hunt Lab Query (Simple): Creates a new hunt lab query in the SenseOn platform. Input is simplified for users less proficient in SQL seeking to create basic queries.
  • Create Hunt Lab Query (Advanced): Creates a new hunt lab query in the SenseOn platform. Input suitable for those proficient in SQL.
  • Observation Details For Specific Observation: Retrieves observation details for a specific observation by its corresponding unique ID.
  • Update Case Flagged: Updates the flagged status of a specific case by its ID.
  • Retrieve Hunt Lab Query Result: Retrieves the result of a previously submitted hunt lab query, given the query ID.
  • Device Details For Specific Device: Returns device details for a specific endpoint by its ID.

Examples

Below are some simple example workflows using the SenseOn Connect Zapier integration.

⚠ Note: Be sure to test any workflows before implementing them in a production environment.

Example 1 - Slack Notification for New Flagged Case:

This example demonstrates how to alert a specific Slack channel when a new case is marked as flagged in the SenseOn platform.

  1. Set the trigger app to SenseOn.
  2. Select the trigger event 'Case Flagged'.
  3. Connect your SenseOn account using your platform code name and PAT.
  4. Set the action app to Slack.
  5. Select the 'Send new channel message' action. Authenticate to Slack.
  6. Create a message template, including any desired case details.

Example 2 - Schedule Simple Hunt Lab Query:

This example shows how to run a query in Hunt Lab on a recurring schedule. This specific example looks for Windows event ID 4672 events, which indicate that special privileges were assigned to a new logon.

  1. Set the trigger to Schedule by Zapier.
  2. Set the desired schedule for the query to run.
  3. Set the action app to SenseOn.
  4. Select the 'Create Hunt Lab Query' action. Authenticate to SenseOn using your platform code name and PAT.
  5. Set the following query parameters:
     a. table: endpoint_windows_event_log
     b. selection subject: eventid
     c. selection comparison value: 4672
  6. Set the next action to 'Delay by Zapier'. Set the delay period to two minutes (this allows the query to run).
  7. Set the next action to 'Retrieve Hunt Lab Query Result' by SenseOn.
  8. Fill out the action parameters. Be sure to use the query ID provided by the previous 'Create Hunt Lab Query' action.
  9. Set the next action to Gmail and authenticate with the correct email address. Fill out the desired email details.

Troubleshooting

Common Issues

  • Authentication Errors: Ensure your SenseOn PAT is correct, still valid, and has the correct permissions. Also, ensure the platform code name is correct.
  • Missing Fields: Check if all required fields are mapped correctly.
  • Timeouts: Verify your network connection and API rate limits.

FAQ

Q: Can I use this integration on Zapier's free plan?

A: The integration is available on Zapier's free plan, but some features may require a premium subscription.