diff --git a/docs/management/admin/bidirectional-actions.asciidoc b/docs/management/admin/bidirectional-actions.asciidoc new file mode 100644 index 0000000000..5e76e1d472 --- /dev/null +++ b/docs/management/admin/bidirectional-actions.asciidoc @@ -0,0 +1,28 @@ +[[bidirectional-actions]] += Bidirectional response actions + +:frontmatter-description: Perform response actions on hosts protected by third-party endpoint security systems. +:frontmatter-tags-products: [security] +:frontmatter-tags-content-type: [reference] +:frontmatter-tags-user-goals: [manage] + +preview::[] + +[discrete] +[[sentinelone-response-actions]] +== SentinelOne response actions + +SentinelOne response actions allow you to direct SentinelOne to perform actions on protected hosts without needing to leave the {elastic-sec} UI. Prior <> is required to connect {elastic-sec} with SentinelOne. + +The following response actions and related features are supported for SentinelOne-protected hosts: + +* **Isolate and release a host** using any of these methods: ++ +-- +** From a detection alert +** From the response console +-- ++ +Refer to the instructions on <> and <> hosts for more details. + +* **View past response action activity** in the <> log. diff --git a/docs/management/admin/host-isolation-ov.asciidoc b/docs/management/admin/host-isolation-ov.asciidoc index 54d8475423..0141bea2fe 100644 --- a/docs/management/admin/host-isolation-ov.asciidoc +++ b/docs/management/admin/host-isolation-ov.asciidoc 
@@ -67,7 +67,7 @@ All actions executed on a host are tracked in the host’s response actions hist ==== NOTE: The response console is an https://www.elastic.co/pricing[Enterprise subscription] feature. -. Open the response console for the endpoint (*Manage* -> *Endpoints* -> *Actions* menu (*...*) -> *Respond*). +. Open the response console for the host (select the **Respond** button or actions menu option on the host, endpoint, or alert details view). . Enter the `isolate` command and an optional comment in the input area, for example: + `isolate --comment "Isolate this host"` @@ -124,7 +124,7 @@ image::images/host-isolated-notif.png[Host isolated notification message,350] ==== NOTE: The response console is an https://www.elastic.co/pricing[Enterprise subscription] feature. -. Open the response console for the endpoint (*Manage* -> *Endpoints* -> *Actions* menu (*...*) -> *Respond*). +. Open the response console for the host (select the **Respond** button or actions menu option on the host, endpoint, or alert details view). . Enter the `release` command and an optional comment in the input area, for example: + `release --comment "Release this host"` diff --git a/docs/management/admin/response-actions-config.asciidoc b/docs/management/admin/response-actions-config.asciidoc index 43744051fe..3b4f76f193 100644 --- a/docs/management/admin/response-actions-config.asciidoc +++ b/docs/management/admin/response-actions-config.asciidoc @@ -1,5 +1,5 @@ [[response-actions-config]] -= Response actions configuration += Configure bidirectional actions :frontmatter-description: Configure third-party systems to perform response actions on protected hosts. :frontmatter-tags-products: [security] diff --git a/docs/management/admin/response-actions-history.asciidoc b/docs/management/admin/response-actions-history.asciidoc index f6f8ca3e5f..85e618a2c6 100644 --- a/docs/management/admin/response-actions-history.asciidoc +++ b/docs/management/admin/response-actions-history.asciidoc 
@@ -6,7 +6,7 @@ :frontmatter-tags-content-type: [reference] :frontmatter-tags-user-goals: [manage] -{elastic-defend} keeps a log of the <> performed on endpoints, such as isolating a host or terminating a process. The log displays when each command was performed, the host on which the action was performed, the {kib} user who requested the action, any comments added to the action, and the action's current status. +{elastic-sec} keeps a log of the <> performed on endpoints, such as isolating a host or terminating a process. The log displays when each command was performed, the host on which the action was performed, the {kib} user who requested the action, any comments added to the action, and the action's current status. .Requirement [sidebar] 
@@ -27,9 +27,10 @@ image::images/response-actions-history-page.png[Response actions history page UI To filter and expand the information in the response actions history: * Enter a user name or comma-separated list of user names in the search field to display actions requested by those users. -* Use the *Hosts* menu to display actions performed on specific endpoints. (This menu is only available on the *Response actions history* page for all endpoints.) -* Use the *Actions* menu to display specific actions types. -* Use the *Statuses* menu to display actions with a specific status. -* Use the *Type* menu to display actions manually run by a user (`Triggered manually`) or automatically run by a rule (`Triggered by rule`). +* Use the various drop-down menus to filter the actions shown: +** *Hosts*: Show actions performed on specific endpoints. (Only available on the *Response actions history* page for all endpoints.) +** *Actions*: Show specific actions types. +** *Statuses*: Show actions with a specific status. +** *Type*: Show actions based on the endpoint protection agent type ({elastic-defend} or a third-party agent), and how the action was triggered (manually by a user or automatically by a detection rule). * Use the date and time picker to display actions within a specific time range. * Click the expand arrow on the right to display more details about an action. diff --git a/docs/management/admin/response-actions.asciidoc b/docs/management/admin/response-actions.asciidoc index 856a2fc96d..990b4b660b 100644 --- a/docs/management/admin/response-actions.asciidoc +++ b/docs/management/admin/response-actions.asciidoc 
@@ -30,6 +30,7 @@ Launch the response console from any of the following places in {elastic-sec}: * *Endpoints* page -> *Actions* menu (*...*) -> *Respond* * Endpoint details flyout -> *Take action* -> *Respond* * Alert details flyout -> *Take action* -> *Respond* +* Host details page → *Respond* To perform an action on the endpoint, enter a <> in the input area at the bottom of the console, then press *Return*. Output from the action is displayed in the console. @@ -221,4 +222,5 @@ image::images/response-actions-history-console.png[Response actions history with include::host-isolation-ov.asciidoc[leveloffset=+1] include::response-actions-history.asciidoc[leveloffset=+1] +include::bidirectional-actions.asciidoc[leveloffset=+1] include::response-actions-config.asciidoc[leveloffset=+1]
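Review bot: in the new bidirectional-actions.asciidoc file, the page is titled "Bidirectional response actions" but never says what "bidirectional" means or which third-party systems it covers beyond SentinelOne; a one-sentence lead before the `[discrete]` SentinelOne heading would help. The isolate and release procedures it links to are gated ("The response console is an Enterprise subscription feature" in host-isolation-ov.asciidoc), so state the subscription requirement on this page too rather than leaving readers to discover it on the linked page.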
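Review bot: in the host-isolation-ov.asciidoc hunk at line 67, the replacement step switches to double-asterisk bold (`**Respond**`) while the surrounding steps in this file use single-asterisk bold (`*Manage*`, `*Respond*` in the removed line); use `*Respond*` for consistency. The new wording "on the host, endpoint, or alert details view" is also vaguer than the explicit path it replaces; naming the entry points as response-actions.asciidoc does ("Endpoint details flyout -> *Take action* -> *Respond*", "Alert details flyout -> *Take action* -> *Respond*") would keep the step navigable.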
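Review bot: the host-isolation-ov.asciidoc hunk at line 124 is a verbatim duplicate of the step changed at line 67, including the same `**Respond**` formatting inconsistency; apply the same fix in both places, or since the isolate and release procedures share this step, move it into a shared include so the two copies cannot drift.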
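Review bot: in the response-actions-config.asciidoc hunk, the title becomes "Configure bidirectional actions" while the `[[response-actions-config]]` anchor and the `:frontmatter-description:` line stay unchanged; the anchor is fine to keep, but any cross-references that render the old title "Response actions configuration" and any navigation entries should be updated to match, and the term "bidirectional" should be introduced somewhere before it appears in two page titles.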
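Review bot: in the response-actions-history.asciidoc hunk at line 6, replacing {elastic-defend} with {elastic-sec} is consistent with the new agent-type filter, but the `.Requirement` sidebar immediately below is untouched; confirm it does not still describe an {elastic-defend}-only requirement now that third-party agent actions appear in the log.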
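Review bot: in the response-actions-history.asciidoc hunk at line 27, the *Actions* sub-bullet "Show specific actions types" carries over a grammatical error from the removed line and should read "Show specific action types". The *Type* sub-bullet also drops the literal menu values the old line gave (`Triggered manually`, `Triggered by rule`); keep the exact option labels for both the agent-type and trigger filters so readers can match them against the UI.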
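Review bot: in the response-actions.asciidoc hunk at line 30, the added bullet uses a Unicode arrow ("Host details page → *Respond*") while the three bullets above use `->`; change it to `* Host details page -> *Respond*` so the list renders consistently.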
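Review bot: in the response-actions.asciidoc hunk at line 221, the new include places bidirectional-actions.asciidoc before response-actions-config.asciidoc, yet the new page states that prior configuration is required to connect {elastic-sec} with SentinelOne; consider including the configuration page first, or confirm the new page's cross-reference sends readers there before the SentinelOne steps.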