---
title: SentinelOne Threats
description: Datadog, the leading service for cloud-scale monitoring.
---

# SentinelOne Threats

Classification: attack

## Goal{% #goal %}

Detect when SentinelOne raises a threat.

## Strategy{% #strategy %}

A SentinelOne threat is generated when the agent detects suspicious or malicious activity. The confidence levels are:

- Malicious - The Agent AI is very confident that the threat is malicious.
- Suspicious - The Agent AI found traits that are suspicious, but not enough to mark it as malicious.

This confidence level is set by the SentinelOne Agent and cannot be changed.

## Triage and response{% #triage-and-response %}

1. Investigate the SentinelOne threat to determine if it is malicious or benign.
1. If the alert is benign, consider including the user, host or IP address in a suppression list. See [Best practices for creating detection rules with Datadog Cloud SIEM](https://www.datadoghq.com/blog/writing-datadog-security-detection-rules/#customize-security-signal-messages-to-fit-your-environment) for more information.
