
SOP For Deep Visibility

This document provides instructions for using threat hunting and deep visibility functions in the SentinelOne console. It describes how to log in to the console, navigate to the deep visibility configuration page, enable deep visibility, and run queries to investigate processes, events, and related objects. Threat hunting proactively detects malicious activity, while deep visibility queries correlate related objects to understand the full context and relationships of a threat.

Uploaded by Shantanu Kadlak

Standard Operating Procedure For SentinelOne SOP Deep Visibility.

This document explains the Deep Visibility function and how to use Threat Hunting on the SentinelOne console.

1. Type the URL: https://apne1-1101-nfr.sentinelone.net/login

2. Enter your username and password.

3. Enter the two-factor authentication code and click Login.

4. Once logged in to the Sentinel console, a dashboard opens that shows details about the endpoints in graphical form.

What is Threat Hunting?

Threat hunting is the process of proactively detecting malicious activity in the endpoint network. Threat hunting can find suspicious behavior in its early stages, before it becomes an attack, and will generate alerts.

What is Storyline?

When we run a Deep Visibility query, it automatically correlates all related objects of a threat, such as processes, files, threads, events and more. We can quickly understand the root cause behind a threat with all of its context, relationships and activities.

To enable Deep Visibility

1. Go to SentinelPolicy

2. Go to Deep Visibility Configuration

Page 3 of 8. Internal & Confidential
3. Select Enable Deep Visibility

Note: Select all data types for Threat Hunting.

4. Click Save.

Running a Deep Visibility Query.

1. ClickVisibilitySelect Events or Process.

2. We can select field,operator and value.

Note:-When the query is showing in red icon means is not completed or vaild and a grenn icons shows
it is vaild.

Not Vaild.

Valid.

3. We can select multiple phrases joined with AND or OR; these can be used ten times in each query.

4. Select a time frame for the query.

Note: We can open 15 tabs at one time, with different queries.

For example, check the below query for a SHA1 file.

End of Document
