When using SentinelOne CloudFunnel 2.0 and SentinelOne Singularity, the alert state is not synced between Red Canary and SentinelOne. For instance, if the alert state is updated in Red Canary, that alert state is not updated in SentinelOne.
SentinelOne CloudFunnel 2.0
In this case, the Alert State sync was not enabled on the SentinelOne external alert source.
To update this setting:
1. In Red Canary, go to Integrations --> Alert Sources.
2. Click into the SentinelOne alert source.
3. Click Edit Configuration.
4. Check the "Alert state should be updated in the source platform as validation is performed?" checkbox.
5. Click Save Configuration.