SOP For Policy Detection Engines

This document describes the Policy Detection Engines in the SentinelOne console. It outlines the different types of engines that scan endpoints for threats including Reputation, Static AI, Behavioral AI, and Anti-Exploitation engines. The engines inspect files, processes, scripts, and memory for known malicious activity, suspicious behavior, and fileless attacks. The document also notes that engines continue working in the background even if disabled in the policy and lists the engines that monitor files written to disk and processes executed on the endpoint.

Uploaded by Shantanu Kadlak

Standard Operating Procedure For SentinelOne Policy Detection Engines

This document describes the Policy Detection Engines in the SentinelOne console.

1. Type the URL: https://apne1-1101-nfr.sentinelone.net/login

2. Enter your Username & Password.
3. Enter the Two-Factor Authentication code and click Login.

4. Once logged into the SentinelOne console, the dashboard opens; it shows details about the endpoints in graphical form.

The Detection Engines section of the policy lists the SentinelOne Agent detection engines that scan and inspect activity on the endpoint.

Note:- Disabling an engine in the policy does not stop it; the engine still runs in the background to detect threats.

The Detection Engines section covers two things:

Page 3 of 7 Internal & Confidential

1) Modes of engine behavior
2) Policy detection engines

Reputation:- An important threat intelligence engine that matches file hashes against reputation feeds and user-defined blocklists to make sure no known malicious files are written to disk or executed.

Static AI (Deep File Inspection):- A static AI engine that uses machine learning to scan for malicious files that are executed or written to disk.

Static AI - Suspicious:- A static AI engine that uses machine learning to scan for suspicious files that are executed or written to disk.

PUA:- A static AI engine for macOS devices that inspects potentially unwanted applications, i.e. applications that are usually unsuitable.

Behavioral AI:- A behavioral AI engine that uses machine learning to detect process chains associated with malicious activity. It detects in real time, when processes execute.

Documents, Scripts:- An AI engine that uses machine learning to detect malicious documents and scripts.

Lateral Movement:- An AI engine that detects attacks initiated by remote devices.

Anti Exploitation/Fileless:- An AI engine focused on memory exploits and fileless attack techniques, such as web-related and command-line exploits.

Application Control:- A container engine that allows only executables from the original container image to run in the container.

Detect Interactive Threat:- An AI engine that detects malicious activity in interactive sessions (for example, a user running malicious actions from a CMD or PowerShell command line).

On Write:- The Static AI and Reputation engines monitor files written to disk, such as an HDD or a USB drive.

On Execute:- The behavioral engines monitor behavior and detect malicious activity when a process starts.

Note:- If Full Disk Scan On Install is enabled in the agent policy, the Agent starts scanning the endpoint as soon as it is installed. The Dynamic Engines mode becomes active after the endpoint is restarted.

Policy Detection Engines By OS

End of Document
********************

