Platform content pack: SentinelOne
Purpose
This content pack provides five Activeboards pre-configured to process SentinelOne's endpoint and threat detection and response events. The pack covers multiple use cases, including a general overview of the security and threat landscape from an endpoint perspective and the ability to drill down on a per-client basis.
Included content
Activeboard: SentinelOne Activity Overview | Activeboard: SentinelOne Threat Detections | Activeboard: SentinelOne Threat Explorer |
Activeboard: SentinelOne Activity Explorer | Activeboard: SentinelOne Agent Status |
Open content pack
Each of the items included in the content pack must be accessed separately. To do that, click an item's name in the Included content section to access its card, and then click the Open button at the top right of the card.
Use content pack
Each item of a content pack has a specific purpose and use, which depend on the type of content. An item can be a lookup to enrich your data, an Activeboard to visualize and analyze data graphically, an alert with conditions to find anomalous events, or an application for specific operations.