SentinelOne Threats

sentinelone

Classification:

attack

Set up the sentinelone integration.

Goal

Detect when SentinelOne raises a threat.

Strategy

A SentinelOne threat is generated when the agent detects suspicious or malicious activity. The confidence levels are:

  • Malicious - The Agent AI is very confident that the threat is malicious.
  • Suspicious - The Agent AI found traits that are suspicious, but not enough to mark it as malicious.

This confidence level is set by the SentinelOne Agent and cannot be changed.

Triage and response

  1. Investigate the SentinelOne threat to determine if it is malicious or benign.
  2. If the alert is benign, consider including the user, host or IP address in a suppression list. See Best practices for creating detection rules with Datadog Cloud SIEM for more information.