Purpose
This Activeboard emphasizes the detection information. Its component makes it easy to analyze all reported threats as they become available through the SentinelOne platform. The security team will be able to triage all available information and focus on the most priority detections thanks to the centralization of all data and incorporated filtering capabilities.
This Activeboard is part of a Content Pack
This Activeboard is part of SentinelOne Content Pack that contains five different SentinelOne Activeboards.
Open SentinelOne Threat Detections
Once you have installed the Activeboard, you can access it in the following ways:
Go to Exchange in the navigation pane and look for the Activeboard you want to open. Click Open.
Go to Activeboards in the navigation pane and use the filter to open the Activeboard you downloaded.
Know more about Activeboards
Refer to Manage and filter Activeboards article to know how to work with Activeboards.
Pre-requisites
To run SentinelOne Threat Detections Activeboard, you must have the following data source available in your domain:
edr.sentinelone.agent.threats
learn more
Exploring the Activeboard
When opening the Activeboard, the following widgets with this info display:
Threat Classification
Detections by Site
Detections by OS
Detections File Extension
Detections by Engine
Detections by Confidence Level
Top Threats Detected
Threats Detected by Group
Threats Detected by Last Logged in User