Procedure For
SentinelOne Policy Detection Engines.
This document explains the Policy Detection Engines in the SentinelOne
console.
4. Once logged into the SentinelOne console, a dashboard opens that shows details
about the endpoints in a graphical manner.
The Detection Engines section of the policy shows the S1 detection engines of the Agent that scan
and inspect activity.
Note:- If this option is disabled, the engine still works to detect threats in the background.
Page 3 of 7 Internal & Confidential
1) Modes of engine behavior
2) Policy detection engines
Reputation:- This is an important engine: a threat intelligence engine that matches file hashes
against intelligence feeds and user-defined blocklists to make sure no known malicious files are written to disk or
executed.
Static AI (Deep File Inspection):- This static AI engine uses machine learning
technologies to scan for malicious files executed or written to disk.
Static AI-Suspicious:- This static AI engine uses machine learning technologies to scan for
suspicious files executed or written to disk.
PUA:- This static AI engine for macOS devices inspects applications that are usually
unsuitable.
Behavioral AI:- This Behavioral AI engine uses machine learning techniques to detect
process chains associated with malicious activities. This engine provides real-time
protection, detecting as processes execute.
Documents Scripts:- This AI engine uses machine learning techniques to detect malicious
documents & scripts.
Lateral Movement:- This AI engine detects attacks initiated by remote devices.
Anti Exploitation/Fileless:- This AI engine is focused on memory exploits and fileless attack
techniques such as web-related & command-line exploits.
Application Control:- This AI engine allows only executables from the original container image to run
in the container.
Detect Interactive Threat:- This AI engine detects malicious activity in interactive
sessions (e.g. if a user runs malicious actions from a CMD or PowerShell command line).
On Write:- These static AI & Reputation engines monitor files written to disk, such as an HDD or USB drive.
On Execute:- This AI engine monitors behavior & detects malicious activity when a process
starts.
Note:- If Full Disk Scan On Install is enabled in the agent policy, the agent starts to
scan the endpoint. The Dynamic Engines mode becomes active after the endpoint is restarted.
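The following is an added example, not part of this document or of SentinelOne's own tooling: it audits an exported policy against the engine list above, reporting engines that are missing or not in Protect mode, and whether Full Disk Scan On Install is off. The JSON shape, the key names and the mode strings are assumptions for the example, and the sample export is constructed.

```python
import json

# Engines named in the Detection Engines section of this document. Each must
# be present in the policy and set to "Protect" for the baseline to pass.
EXPECTED_ENGINES = (
    "Reputation",
    "Static AI",
    "Static AI-Suspicious",
    "PUA",
    "Behavioral AI",
    "Documents Scripts",
    "Lateral Movement",
    "Anti Exploitation/Fileless",
    "Application Control",
    "Detect Interactive Threat",
    "On Write",
    "On Execute",
)

# Constructed sample export. The JSON layout and key names are an assumption
# for this example, not SentinelOne's actual policy export format.
SAMPLE_POLICY_JSON = """
{
  "name": "Workstations",
  "fullDiskScanOnInstall": false,
  "detectionEngines": {
    "Reputation": "Protect",
    "Static AI": "Protect",
    "Static AI-Suspicious": "Detect",
    "PUA": "Disabled",
    "Behavioral AI": "Protect",
    "Documents Scripts": "Protect",
    "Lateral Movement": "Protect",
    "Anti Exploitation/Fileless": "Protect",
    "Application Control": "Protect",
    "On Write": "Protect",
    "On Execute": "Protect"
  }
}
"""


def audit_policy(policy_json):
    """Return a sorted list of findings for one exported policy.

    A finding is raised for every expected engine that is absent, for every
    engine whose mode is not "Protect", and when Full Disk Scan On Install is
    off (per the note above, the install-time scan only runs when it is on).
    """
    policy = json.loads(policy_json)
    engines = policy.get("detectionEngines", {})
    findings = []
    for name in EXPECTED_ENGINES:
        mode = engines.get(name)
        if mode is None:
            findings.append(f"{name}: missing from policy")
        elif mode != "Protect":
            findings.append(f"{name}: mode is {mode}, expected Protect")
    if not policy.get("fullDiskScanOnInstall", False):
        findings.append("Full Disk Scan On Install: disabled")
    return sorted(findings)
```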
End of Document
********************