It starts with silent monitoring of all user- and kernel-space activity on the endpoint. The SentinelOne agent rapidly builds a complete context of normal system activity, which serves as the backdrop for the industry’s most advanced behavior-based threat detection.
With full visibility into the endpoint, SentinelOne’s Dynamic Behavior Tracking engine pinpoints malicious activity—even by the most sophisticated, stealthy attacks.
SentinelOne transforms heaps of deep forensics data into an intuitive visualization in real time. The Attack Storyline depicts the threat execution flow in high resolution, from inception. Users can select a specific process on the Attack Storyline and drill down into the individual network, file, process, or data actions that were taken.
SentinelOne gives responders a rapid means of assessing each security incident. The 360-degree view of an attack also includes:
Summary information: This section of the SentinelOne EPP or CSPP management console outlines the basic attack details, including attack statistics, dwell time, file information, path, machine name, IP, and domain, along with information about where else on the network the attack has been seen.
In addition, this section shows cloud reputation validation, certificate information (whether or not the file is signed), and advanced attack details (such as a list of known packers that may have been used).
Attack Overview: Detailed information about the indicators SentinelOne used to determine that a process was malicious, including attack statistics and dwell time.
Raw Data: A comprehensive line-by-line view of the changes made to the system, files, processes, and registry settings. This data is easily exported to popular SIEM systems, including Splunk and LogRhythm, for further investigation, or sent to network security devices to proactively block threats at the gateway.