
Host Isolation System Credential Check

AgileBlue automatically monitors the credentials for your Office 365 and Host Isolation System integrations, notifying your team by email if any credentials are found to be invalid.

Overview 

AgileBlue runs an automated credential validation service that checks whether the credentials configured for your active integrations are working correctly. This service covers: 

  • Office 365 - when Office 365 is active in your Alert Playbook 
  • Host Isolation Systems - Microsoft Defender, Sophos, and SentinelOne 

If any credentials are found to be invalid, AgileBlue will automatically send a daily email notification to the Emergency Contact(s) on file for your organization. This ensures the right people are made aware of the issue quickly, so credentials can be refreshed before security coverage is impacted. 

 

Prerequisites 

  • Active credentials configured in the AgileBlue portal for one or more of the following: Office 365, Microsoft Defender, Sophos, or SentinelOne 
  • At least one Emergency Contact listed for your organization in the AgileBlue portal, as this is where failure notifications will be sent 
  • Administrative access to the relevant vendor console to update or regenerate credentials when needed 

 

How the Credential Check Works 

AgileBlue's credential validation service runs automatically in the background on a scheduled basis. For each integration that is active in your environment, the service: 

  1. Attempts to authenticate using the credentials currently saved in the AgileBlue portal 
  2. If a failure is detected, sends a daily automated email to your organization's Emergency Contact(s) notifying them that credentials are invalid and action is required 

No manual steps are needed for checks to run. However, when a failure is detected, your Emergency Contact(s) will need to review and update the affected credentials to restore full integration functionality. 

 

Respond to a Credential Failure Notification 

If your Emergency Contact receives a credential failure email from AgileBlue, follow the steps below for the affected integration. 

Office 365 

  1. Log in to the Microsoft Entra Admin Console 
  2. Navigate to App registrations and locate the application registered for AgileBlue 
  3. Verify the application is still active and that the required permissions are still granted. For more information and steps, check https://help.agileblue.com/office365-integration 
  4. Select Certificates & Secrets 
  5. Check whether the existing Client Secret has expired 
  6. If expired, click New client secret, provide a description and expiration period, then click Add 
  7. Copy the new secret value immediately - it will not be displayed again after leaving the page 
  8. The final step is to submit these sensitive details to AgileBlue. Email support@agileblue.com and a specialist will send back an encrypted message. You will be able to respond to that message with the following values: 
       • New Client Secret 
       • Secret Value expiration date 

 

Microsoft Defender 

  1. Log in to the Microsoft Entra Admin Console 
  2. Navigate to App registrations and locate the application registered for the Defender integration 
  3. Verify the application is still active and that the required permissions are still granted. For more information, check https://help.agileblue.com/bi-directional-defender-integration 
  4. If a Client Secret has expired, navigate to Certificates & Secrets, generate a new secret, and copy the value immediately 
  5. The final step is to submit these sensitive details to AgileBlue. Email support@agileblue.com and a specialist will send back an encrypted message. You will be able to respond to that message with the following values: 
       • New Client Secret 
       • Secret Value expiration date 
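
The expiry check in the Office 365 and Microsoft Defender steps above can also be run ahead of a failure email. The following is an added example, not AgileBlue code: it reads the `passwordCredentials` array that Microsoft Graph returns for an application object and flags client secrets that are expired or close to expiring. The sample app, its names and dates, and the 30-day warning window are constructed assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample: shape of a Microsoft Graph application object, trimmed to
# the fields used here. Names, IDs and dates are made up for illustration.
SAMPLE_APP = {
    "displayName": "AgileBlue integration (constructed)",
    "appId": "00000000-0000-0000-0000-000000000000",
    "passwordCredentials": [
        {"displayName": "secret-2026", "hint": "q1W", "endDateTime": "2026-06-01T00:00:00Z"},
        {"displayName": "secret-2024", "hint": "aB3", "endDateTime": "2025-01-15T00:00:00Z"},
        {"displayName": "secret-2025", "hint": "Zx9", "endDateTime": "2025-07-01T12:30:45.1234567Z"},
    ],
}

_TS = re.compile(r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.\d+)?Z")

def parse_graph_time(value):
    """Parse a Graph UTC timestamp; fractional seconds are dropped."""
    match = _TS.fullmatch(value)
    if match is None:
        raise ValueError(f"unexpected timestamp format: {value!r}")
    return datetime.strptime(match.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit_secrets(app, now, warn_days=30):
    """Return one finding per client secret, soonest expiry first."""
    findings = []
    for cred in app.get("passwordCredentials", []):
        end = parse_graph_time(cred["endDateTime"])
        days_left = (end - now).days
        if end <= now:
            status = "expired"
        elif days_left <= warn_days:
            status = "expiring"
        else:
            status = "ok"
        findings.append({
            "name": cred.get("displayName"),
            "hint": cred.get("hint"),  # first three characters of the secret value
            "expires": end,
            "days_left": days_left,
            "status": status,
        })
    return sorted(findings, key=lambda f: f["expires"])

if __name__ == "__main__":
    now = datetime(2025, 6, 15, tzinfo=timezone.utc)  # fixed date so the output is repeatable
    for f in audit_secrets(SAMPLE_APP, now):
        print(f"{f['status']:<9} {f['name']:<12} hint={f['hint']} days_left={f['days_left']}")
```

When an app registration holds several secrets, the `hint` field helps identify which one was shared with AgileBlue without exposing the full value.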

Sophos 

  1. Log in to the Sophos Central Admin Console 
  2. Navigate to Global Settings > API Credentials 
  3. Verify the application is still active and that the required permissions are still granted. For more information, check https://help.agileblue.com/sophos-central-integration 
  4. Locate the credentials registered for AgileBlue and verify they are active 
  5. If credentials have expired or been revoked, generate a new set of API credentials and copy the Client ID and Client Secret 
  6. Log in to the AgileBlue SecOps Portal 
  7. The final step is to submit these sensitive details to AgileBlue. Email support@agileblue.com and a specialist will send back an encrypted message. You will be able to respond to that message with the following values: 
       • New Client Secret 
       • Secret Value expiration date 

SentinelOne 

  1. Log in to your SentinelOne Management Console 
  2. Navigate to Settings > Users and locate the API user account associated with AgileBlue 
  3. Verify the application is still active and that the required permissions are still granted. For more information, check https://help.agileblue.com/sentinelone-integration 
  4. Verify the account is active and the API token has not expired 
  5. If the token has expired, generate a new API token and copy the value 
  6. The final step is to submit these sensitive details to AgileBlue. Email support@agileblue.com and a specialist will send back an encrypted message. You will be able to respond to that message with the following values: 
       • New API Token 
       • Secret Value expiration date 

 

Confirm Your Emergency Contacts Are Up to Date 

Since credential failure notifications are sent to your Emergency Contact(s) on file, it is important to keep this information current. If your Emergency Contact has changed, please contact AgileBlue Support to update your records. 

 

Need Help? 

AgileBlue is always here to support you and ensure you are 100% successful. If there are any issues or if you have any questions, please reach out to AgileBlue Support.

Email: support@agileblue.com
Phone: (216) 606-9400