AvantGuard - SentinelOne

Actions682

Overview

This node performs the 'Ranger Enable' action on SentinelOne agents via a web API. It allows users to specify a detailed filter to select which agents should be affected by enabling the Ranger feature, which is typically used for network quarantine or enhanced security enforcement on endpoints. This node is useful in scenarios where security teams want to programmatically enable Ranger on a subset of agents matching complex criteria, such as OS version, agent version, tags, locations, or threat status. For example, enabling Ranger on all Linux agents with active threats or on agents in specific locations.

Properties

Name	Meaning
Filter	A JSON object defining criteria to select agents to be affected by the Ranger Enable action. Only agents matching this filter will be targeted. Leaving it empty applies the action to all applicable agents.
Additional Body Fields	Optional additional JSON fields to include in the request body, allowing customization or extension of the API call with extra data.

Output

JSON

response - The JSON response from the SentinelOne API after attempting to enable Ranger on the filtered agents. It typically contains status information about the action's success or failure.

Dependencies

Requires an API key credential for the AvantGuard SentinelOne API to authenticate requests.
Depends on the '@avantguardllc/n8n-openapi-node' package for OpenAPI integration.

Troubleshooting

If the filter JSON is malformed, the node will fail to send a valid request. Ensure the filter is valid JSON.
If no agents match the filter, the action will have no effect; verify filter criteria carefully.
Authentication errors may occur if the API key credential is missing or invalid; check credential configuration.
Network or API endpoint errors can happen if the base URL is incorrect or the SentinelOne service is unreachable.
Unexpected API responses or errors may require checking the API documentation or contacting support.