Activeboard: SentinelOne Threat Detections

[ 1 Purpose ] [ 2 Prerequisites ] [ 3 Open Activeboard ] [ 4 Use Activeboard ]

Purpose

This Activeboard emphasizes the detection information. Its component makes it easy to analyze all reported threats as they become available through the SentinelOne platform. The security team will be able to triage all available information and focus on the most priority detections thanks to the centralization of all data and incorporated filtering capabilities.

Threat Classification	Detections File Extension	Top Threats Detected
Detections by Site	Detections by Engine	Threats Detected by Group
Detections by OS	Detections by Confidence Level	Threats Detected by Last Logged in User

Included in Content Pack

This Activeboard is part of SentinelOne Content Pack that contains five different SentinelOne Activeboards.

Prerequisites

To run this Activeboard, you must have the following data source available in your domain:

edr.sentinelone.agent.threats ^{learn more}

Open Activeboard

Once you have installed the Activeboard, you can use the Open button at the top right of the card in Exchange to access it and see the different widgets populated with the relevant data. You can also access the Activeboard area via the Navigation pane.

Data loading takes too long?

Sometimes some widgets take time to upload the data, it is possible to speed up the process by creating aggregation tasks. Refer to the Aggregation tasks article to learn how to do it.

Use Activeboard

After installing and opening the Activeboard, you can use its widgets to visualize and monitor data. To do this, each widget offers a variety of customization and visualization options. Refer to Using widgets and Using inputs to know them all.

Devo latest

Activeboard: SentinelOne Threat Detections

Analytics

Purpose

Prerequisites

Open Activeboard

Use Activeboard

Related content