
SentinelOne Content Pack

Purpose


This content pack provides five Activeboards pre-configured to process SentinelOne's endpoint and threat detection and response events. The pack covers multiple use cases, including creating a general overview of the security and threat landscape from an endpoint perspective and drilling down on a per-client basis.

Open content pack

Each item included in the content pack must be accessed separately. To do that, click the item's name in the Included contents section to access its card, then click the Open button at the top right of the card. You can also access the items by selecting the relevant option in the Navigation pane and finding them in their respective areas.

Use content pack

Each item of a content pack has a specific purpose and use, which depend on the type of content. An item can be a lookup to enrich your data, an Activeboard to visualize and analyze data graphically, an alert with conditions to find anomalous events, or an application for specific operations.