
Standard Operating Procedure For SentinelOne SOP Deep Visibility.

This document explains the Deep Visibility function and how it can be used for Threat Hunting on the SentinelOne console.

1. Type URL: https://apne1-1101-nfr.sentinelone.net/login

2. Enter your Username & Password.

3. Enter the Two Factor Auth. Code & click Login.

4. Once logged into the Sentinel console, a dashboard will open up which shows details about the endpoints in a graphical manner.

What is Threat Hunting?

Threat hunting is the process implemented for proactive detection of malicious activity in the endpoint network. Threat hunting can find suspicious behavior in its early stages, before it becomes an attack, and will generate alerts.

What is Storyline?

When we run a Deep Visibility query, it automatically correlates all related objects of a threat, such as processes, files, threads, events and more. We can quickly understand the root cause behind a threat with all of its context, relationships and activities.

To enable Deep Visibility

1. Go to SentinelPolicy

2. Go to Deep Visibility Configuration

Page 3 of 8
Internal & Confidential
3. Select Enable Deep Visibility

Note:- Select all data types for Threat Hunting

4. Click Save.

Running a Deep Visibility Query.

1. ClickVisibilitySelect Events or Process.

2. We can select field,operator and value.

Note:-When the query is showing in red icon means is not completed or vaild and a grenn icons shows
it is vaild.

Not valid.

Valid.

3. We can select multiple phrases and select AND or OR; we can use these ten times for each query.

4. Select a time frame for the query.

Note:- We can open 15 tabs at one time, with different queries.

For example, check the query below for a SHA1 file.

End of Document
********************

