Platform content pack: SentinelOne


Purpose

This content pack provides five Activeboards pre-configured to process SentinelOne's endpoint and threat detection and response events. The pack covers multiple use cases, including a general overview of the security and threat landscape from an endpoint perspective and the ability to drill down on a per-client basis.

Included content

Open content pack

Each item included in the content pack must be accessed separately. To open an item, click its name in the Included content section to access its card, then click the Open button at the top right of the card.

Use content pack

Each item of a content pack has a specific purpose and use, which depend on the type of content. An item can be a lookup to enrich your data, an Activeboard to visualize and analyze data graphically, an alert with conditions to find anomalous events, or an application for specific operations.

Related content

Activeboard: SentinelOne Threat Detections
Activeboard: SentinelOne Threat Explorer
Activeboard: SentinelOne Activity Overview
Platform content pack: AWS
Activeboard: SentinelOne Activity Explorer
Platform alert pack: Firewall