SentinelOne Alerts

sentinelone

Classification:

attack

Set up the sentinelone integration.

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Goal

Detect when SentinelOne raises a custom alert.

Strategy

SentinelOne allows users to create custom rules from event search queries, that trigger alerts and response when the rule matches on the specified criteria.

Triage and response

  1. Investigate the SentinelOne custom alert to determine if it is malicious or benign.
  2. If the alert is benign, consider including the user, host or IP address in a suppression list. See Best practices for creating detection rules with Datadog Cloud SIEM for more information.
PREVIEWING: esther/docs-9478-fix-split-after-example