
Standard Operating Procedure For SentinelOne Policy Detection Engines.

This document describes the Policy Detection Engines section of a policy in the SentinelOne
console.

1. Open the URL: https://apne1-1101-nfr.sentinelone.net/login

2. Enter your username and password.

3. Enter the two-factor authentication code and click Login.

4. Once logged into the SentinelOne console, a dashboard opens that shows details about the
endpoints in graphical form.

The Detection Engines section of the policy lists the S1 detection engines of the Agent that scan
and inspect activity.

Note:- Even if we disable this option, the engine still works in the background to detect threats.

There are two types of engine:

Page 3 of 7 - Internal & Confidential
1) Modes of engine behavior
2) Policy detection engines

Reputation:- This is the IMP engine: a threat-intelligence engine that matches file hashes against
feeds and user-defined blocklists to make sure no known malicious files are written to disk or
executed.
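As an added illustration of how a reputation-style check works (example code written for this
document, not SentinelOne's own engine or API), the script below hashes a file's bytes with
SHA-256 and looks the digest up in named threat-intelligence feeds and a user-defined blocklist
before a write or execute event is allowed. The feed names, the sample bytes and every hash in
it are constructed; the order in which lists are consulted is this example's choice, not a
documented SentinelOne behavior.

```python
"""Reputation-style file check: hash the file's bytes and compare the digest against
threat-intelligence feeds and a user-defined blocklist (constructed example)."""
import hashlib
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Set


@dataclass
class Verdict:
    blocked: bool
    action: str               # "write" or "execute", the event being evaluated
    sha256: str
    matched_by: Optional[str]  # name of the feed or list that matched; None if allowed


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the file contents as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def normalize(hashes: Iterable[str]) -> Set[str]:
    """Feeds mix upper/lower case and stray whitespace; compare on a normalized form."""
    return {h.strip().lower() for h in hashes if h.strip()}


class ReputationEngine:
    def __init__(self, feeds: Dict[str, Iterable[str]], user_blocklist: Iterable[str] = ()):
        # feed name -> set of known-malicious SHA-256 digests
        self.feeds = {name: normalize(hs) for name, hs in feeds.items()}
        self.user_blocklist = normalize(user_blocklist)

    def lookup(self, digest: str) -> Optional[str]:
        """Return the name of the first list containing the digest, or None.
        The user blocklist is consulted first (this example's precedence rule)."""
        digest = digest.strip().lower()
        if digest in self.user_blocklist:
            return "user-blocklist"
        for name, hashes in self.feeds.items():
            if digest in hashes:
                return name
        return None

    def evaluate(self, data: bytes, action: str) -> Verdict:
        """Evaluate a file that is about to be written to disk or executed."""
        if action not in ("write", "execute"):
            raise ValueError("action must be 'write' or 'execute'")
        digest = sha256_hex(data)
        source = self.lookup(digest)
        return Verdict(blocked=source is not None, action=action,
                       sha256=digest, matched_by=source)


# --- Constructed sample data: not real malware, not real feed entries ---
KNOWN_BAD = b"MZ constructed sample flagged by a feed"
USER_BAD = b"#!/bin/sh constructed sample on the user blocklist"
BENIGN = b"MZ constructed benign sample"

ENGINE = ReputationEngine(
    feeds={
        # Upper-case entry shows why the normalization step matters.
        "constructed-feed-A": [sha256_hex(KNOWN_BAD).upper()],
        "constructed-feed-B": [],
    },
    # Whitespace around the entry shows the same point for the user blocklist.
    user_blocklist=[" " + sha256_hex(USER_BAD) + "\n"],
)


def demo() -> Dict[str, Verdict]:
    """Run the three constructed samples through the engine and return the verdicts."""
    results = {}
    for label, data, action in (("known_bad", KNOWN_BAD, "write"),
                                ("user_bad", USER_BAD, "execute"),
                                ("benign", BENIGN, "execute")):
        verdict = ENGINE.evaluate(data, action)
        results[label] = verdict
        print(f"{label:10s} {verdict.action:8s} {'BLOCK' if verdict.blocked else 'allow'}  "
              f"{verdict.sha256[:16]}... via {verdict.matched_by}")
    return results


if __name__ == "__main__":
    demo()
```

Running the script prints one line per sample; the two flagged samples are blocked with the
name of the list that matched, and the benign sample is allowed. A real engine would of course
hold far larger feeds and refresh them continuously, but the hash-and-lookup decision is the same.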

Static AI (Deep File Inspection):- This static AI engine uses machine-learning technologies to scan
for malicious files executed or written to disk.

Static AI - Suspicious:- This static AI engine uses machine-learning technologies to scan for
suspicious files executed or written to disk.

PUA (Potentially Unwanted Applications):- This static AI engine for macOS devices inspects
applications that are usually unsuitable.

Behavioral AI:- This behavioral AI engine uses machine-learning techniques to detect process
chains associated with malicious activities. This engine detects in real time, as processes
execute.

Documents, Scripts:- This AI engine uses machine-learning techniques to detect malicious
documents and scripts.

Lateral Movement:- This AI engine detects attacks initiated by remote devices.

Anti-Exploitation / Fileless:- This AI engine is focused on memory exploits and fileless attack
techniques such as web-related and command-line exploits.

Application Control:- This AI engine allows only executables from the original container image to
run in the container.

Detect Interactive Threat:- This AI engine detects malicious activity in interactive sessions
(e.g. if a user runs malicious actions from a CMD or PowerShell command line).

On Write:- The static AI and Reputation engines monitor files written to disk, such as an HDD or USB drive.

On Execute:- This AI engine monitors behavior and detects malicious activity when a process
starts.

Note:- If Full Disk Scan On Install is enabled in the agent policy, the agent starts scanning the
endpoint on install. The Dynamic Engines mode becomes active after the endpoint is restarted.

Policy Detection Engines By OS

End of Document
********************

