Contents
SentinelOne Training Course Registration and Options 1
CPE Credit Information 2
Training Credits 3
SentinelOne Resources 5
Training Courses and Descriptions
S1-200 SentinelOne Core Workshop 6
S1-201 SentinelOne Administrator Course 8
S1-202 SentinelOne Investigator Course 10
S1-203 SentinelOne Fundamentals Course 12
S1-204 SentinelOne Ranger Workshop 15
S1-205 Threat Hunting Workshop 17
S1-301 IR Threat Hunting Course 19
© SENTINELONE 1 MAY 11, 2020
SENTINELONE TRAINING CATALOG
SentinelOne Training Course Registration and Options
Registering for a Training Course
To register for a training course, participants first need to purchase Training Credits from their sales representative. Public training courses are listed on the SentinelOne Training website. Participants then email [email protected] with the class title, their name, their organization and the requested date. Once the request is approved, the participant receives a registration acknowledgement email.
Group Live Training
In-person training allows for more interaction between the instructor and students, away from the distractions of the workplace. It increases student participation and focuses attention, and it creates more opportunities for engagement, which helps everyone achieve the course's learning objectives. Personal interaction with fellow students also offers the chance to gain their insights and perspectives. A live class is not only heard but experienced.
Group Internet Based (Live On-line) Training
Live Online trainings are led by certified instructors. Live Online training is a live, interactive virtual classroom in which students interact with the instructor and each other in ways that engage and challenge the learning process. Students have access to an environment where they complete hands-on labs and assigned tasks. Live Online training is ideal for organizations with a distributed workforce: employees anywhere can register and participate without the expense and hassle of travel. Live Online training requires students to have reliable internet access.
Private Training
An organization can request custom on-site SentinelOne training aligned to its own workflows and learning goals. A private session also allows for discussion of confidential internal information.
CPE Credits for SentinelOne Courses
Field of Study: Information Technology – Technical
SentinelOne is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org.
CPE stands for Continuing Professional Education. CPE credits are earned by participating in SentinelOne training courses, both in-person and online. CPE-approved training helps you improve your skills and provide increased value to your employers throughout your career.
CPE Credit Matrix:
SentinelOne Core Workshop – 7 CPE Credits
SentinelOne Administrator Course – 7 CPE Credits
SentinelOne Investigator Course – 14 CPE Credits
SentinelOne Fundamentals Course – 21 CPE Credits
SentinelOne Ranger Workshop – 2 CPE Credits
SentinelOne Custom Training Courses – based on the length of the course
Attendance Requirements for CPE Credit
For information regarding attendance requirements for CPE credits, please contact our office at [email protected].
Training Credits
Training Credits are designed for individuals and companies that want to purchase training for multiple employees and need the flexibility to decide who attends the training and when. Training Credits can be used to purchase online and on-site training courses and to pay for SentinelOne Certification exams. They are ideal for volume license agreements, large projects and end-of-year budget purchases.
Training Credits cannot be used for travel and expenses (T&E) or other course-related expenses. Clients are responsible for actual T&E after the training event is complete.
Training Credits Guidelines
• There is no minimum purchase requirement for Training Credits.
• Training Credits must be redeemed within one year from the date of purchase.
• Training Credits due to expire can be extended one more year with the purchase of additional Training Credits.
• Unused Training Credits at the end of one year are non-refundable.
• Training Credits can be used for:
o SentinelOne Training Courses (Public Online or Private On-Site)
o SentinelOne Certification exam fees
• When applied to training, Training Credits must be used for training that begins before the expiration date.
• The customer must designate a primary point of contact who is authorized to schedule training for their employees.
• A class attendee who needs to reschedule a course must do so before the class starts in order to receive a credit refund.
• A class attendee who fails to attend a course and does not notify training before the class starts forfeits the Training Credits for that course.
Training Class Matrix:
SentinelOne Core Workshop – 1 Day Course – 2 Credits per seat
SentinelOne Administrator Course – 1 Day Course – 2 Credits per seat
SentinelOne Investigator Course – 2 Day Course – 4 Credits per seat
SentinelOne Fundamentals Course – 3 Day Course – 6 Credits per seat
SentinelOne Ranger Workshop – 2 Hour Course – 1/2 Credit per seat
SentinelOne Custom Training Courses – 2 Credits per day per seat
Contact SentinelOne Sales for more information and pricing: [email protected]
Cancellations, Refunds or Concerns
For information regarding cancellations, refunds or concerns, please contact our office at [email protected].
Resources
SentinelOne Resources Page https://www.sentinelone.com/resources/
Provides access to:
• White Papers
• Infographics
• Case Studies
• Datasheets
• Videos
• Reports
• Webinars
• eBooks
Subscribe to the SentinelOne Blog and Newsletter https://www.sentinelone.com/blog/
SentinelOne Core Workshop S1-200
This class syllabus is for information purposes only and is subject to change. SentinelOne makes no warranties, express or implied, in this document. SentinelOne is a registered trademark of Sentinel Labs, Inc.
Level: Intermediate
Duration: 1 Day
Audience:
• Incident Responders
• System Administrators
Delivery:
• Instructor Led Training
• Live Online Instructor Led Training
CPE Credits: 7.0
Course Overview
The SentinelOne Core Workshop provides the core knowledge and skills necessary to use the SentinelOne platform effectively for endpoint protection.
In this 1-day, hands-on course, attendees will be exposed to the following tasks:
• Gain an Understanding of the SentinelOne Console
• Working with Custom Dashboards
• Managing Accounts – Sites – Groups
• Installing and Managing Agents
• Managing User Accounts
• Policy Settings
• Device Control
• Firewall Control
• Filtering and Searching Functionality
• Threat Analysis, Mitigation and Resolution Workflow
• Mitigation Actions
• Managing the Blacklist
• Managing Exclusions
• Application Risk Management
• Introduction to Deep Visibility and Threat Hunting
• Working with Reports
The course includes multiple hands-on labs that allow students to apply what they have learned.
Prerequisites
To obtain the maximum benefit from this class, you should meet the following requirements:
• Understanding of networking and network security
• Understanding of fundamental information security concepts
• Read and understand the English language
• Perform basic operations on a computer
• Be familiar with the Microsoft Windows environment
DETECT RESPOND PREVENT HUNT
Course Syllabus
Module 1 – Introduction
Topics:
• Student and Instructor Introductions
• Class Agenda
• Introduction to SentinelOne
• SentinelOne Resources
Module 2 – Management Console Overview
Learning Objectives:
• Management Console Views
• Scope View
• Dashboard
• Visibility
• Sentinels
• Analyze
• Applications
• Activity
• Reports
• Settings
• Custom Dashboards
Module 3 – Administration
Learning Objectives:
• Features by Admin Role
• Managing Accounts – Sites – Groups
• Installing and Managing Agents
• Remote Functions for Endpoints
• User Management
• Policy Settings
• Device Control
• Firewall Control
• Managing Exclusions
• Application Risk Management
Module 4 – Incident Response
Learning Objectives:
• Filtering Functionality
• Searching Functionality
• Reviewing Threats
• Threat Mitigation Status
• Threat Analysis, Mitigation and Resolution Workflow
• Forensic Analysis of Threats
• Mitigation Actions
• Managing the Blacklist
Module 5 – SentinelOne Deep Visibility
Learning Objectives:
• Introduction to Deep Visibility
• Basic Threat Hunting Queries
Module 6 – Reports
Learning Objectives:
• Creating Reports
• Editing and Deleting Reports
• Downloading a Report
SentinelOne Administrator Course S1-201
Level: Intermediate
Duration: 1 Day
Audience:
• System Administrators
Delivery:
• Instructor Led Training
• Live Online Instructor Led Training
CPE Credits: 7.0
Course Overview
The SentinelOne Administrator course provides the knowledge and skills necessary to administer the SentinelOne platform effectively. In this 1-day, hands-on course, attendees will be exposed to the following tasks:
• Get a Strong Understanding of the SentinelOne Console
• Managing Accounts – Sites – Groups
• Installing and Managing Agents
• Managing User Accounts
• Policy Settings
• Device Control
• Firewall Control
• Managing the Blacklist
• Managing Exclusions
The course includes multiple hands-on labs that allow students to apply what they have learned.
Prerequisites
This hands-on class is intended for students who have a basic understanding of networking, network security monitoring concepts and endpoint analysis.
To obtain the maximum benefit from this class, you should meet the following requirements:
• Read and understand the English language.
• Perform basic operations on a personal computer.
• Be familiar with the Microsoft Windows environment.
Course Syllabus
Module 1 – Introduction
Topics:
• Student and Instructor Introductions
• Class Agenda
• Introduction to SentinelOne
Module 2 – Management Console Overview
Learning Objectives:
• Management Console Views
• Scope View
• Dashboard
• Visibility
• Sentinels
• Analyze
• Applications
• Activity
• Reports
• Settings
Module 3 – Administration
Learning Objectives:
• Features by Admin Role
• Managing Accounts – Sites – Groups
• Managing Agents
• Installing Agents
• User Management
• Policy Settings
• Device Control
• Firewall Control
• Full Disk Scan
• Managing the Blacklist
• Managing Exclusions
• Application Risk Management
Module 4 – Reports
Learning Objectives:
• Creating Reports
• Editing and Deleting Reports
• Downloading a Report
• Raw Data Report
SentinelOne Investigator Course S1-202
Level: Intermediate
Duration: 2 Days
Audience:
• Incident Responders
• Incident Analysts
Delivery:
• Instructor Led Training
• Live Online Instructor Led Training
CPE Credits: 14.0
Course Overview
The SentinelOne Investigator course provides the knowledge and skills necessary to use the SentinelOne platform effectively for endpoint protection, where it:
• Tracks everything as it happens
• Detects in real time, cloud or no cloud
• Responds & Recovers at machine speed
• Maintains context for easy threat hunting
In this 2-day, hands-on course, attendees will be exposed to the following tasks:
• Get a Strong Understanding of the SentinelOne Console
• Filtering Functionality
• Searching Functionality
• Threat Analysis, Mitigation and Resolution Workflow
• Mitigation Actions
• Full Disk Scans
• Managing the Blacklist
• Managing Exclusions
• Application Risk Management
• Remote Shell
• Deep Visibility
• Introduction to Threat Hunting
• Working with Reports
The course includes multiple hands-on labs that allow students to apply what they have learned.
Prerequisites
This hands-on class is intended for students who have a basic understanding of networking, network security monitoring concepts and endpoint analysis.
To obtain the maximum benefit from this class, you should meet the following requirements:
• Read and understand the English language.
• Perform basic operations on a personal computer.
• Be familiar with the Microsoft Windows environment.
Course Syllabus
Module 1 – Introduction
Topics:
• Student and Instructor Introductions
• Class Agenda
• Introduction to SentinelOne
Module 2 – Management Console Overview
Learning Objectives:
• Management Console Views
• Scope View
• Dashboard
• Visibility
• Sentinels
• Analyze
• Applications
• Activity
• Reports
• Settings
Module 3 – Incident Responder
Learning Objectives:
• Filtering Functionality
• Searching Functionality
• Reviewing Threats
• Threat Mitigation Status
• Threat Analysis, Mitigation and Resolution Workflow
• Forensic Analysis of Threats
• Mitigation Actions
• Full Disk Scan
• Managing the Blacklist
• Managing Exclusions
• Application Risk Management
• Remote Shell
Module 4 – Regular Expressions
Learning Objectives:
• What are Regular Expressions
• Literal vs. Operators
• RegEx Syntax
Module 5 – SentinelOne Deep Visibility
Learning Objectives:
• Understanding Deep Visibility
• Threat Hunting Query
• Taking Action
• Responding to Incidents
• Threat Hunting Queries
• Supported File Types for Deep Visibility
Module 6 – Reports
Learning Objectives:
• Creating Reports
• Editing and Deleting Reports
• Downloading a Report
• Raw Data Report
Module 7 – Ranger
Learning Objectives:
• Ranger Console
• Ranger Settings
• Scans
o Passive
o Active
• Identifying Rogue Devices
• Response
SentinelOne Fundamentals Course S1-203
Level: Intermediate
Duration: 3 Days
Audience:
• Incident Responders
• System Administrators
Delivery:
• Instructor Led Training
• Live Online Instructor Led Training
CPE Credits: 21.0
Course Overview
The SentinelOne Fundamentals course provides the knowledge and skills necessary to use the SentinelOne platform effectively for endpoint protection, where it:
• Tracks everything as it happens
• Detects in real time, cloud or no cloud
• Responds & Recovers at machine speed
• Maintains context for easy threat hunting
In this 3-day, hands-on course, attendees will be exposed to the following tasks:
• Managing Accounts – Sites – Groups
• Installing and Managing Agents
• Managing User Accounts
• Policy Settings
• Device Control
• Firewall Control
• Filtering Functionality
• Searching Functionality
• Threat Analysis, Mitigation and Resolution Workflow
• Mitigation Actions
• Full Disk Scans
• Managing Exclusions and the Blacklist
• Application Risk Management
• Remote Shell
• Deep Visibility and Threat Hunting
• Working with Reports
The course includes multiple hands-on labs that allow students to apply what they have learned.
Prerequisites
This hands-on class is intended for students who have a basic understanding of networking, network security monitoring concepts and endpoint analysis.
To obtain the maximum benefit from this class, you should meet the following requirements:
• Read and understand the English language.
• Perform basic operations on a personal computer.
• Be familiar with the Microsoft Windows environment.
Course Syllabus
Module 1 – Introduction
Topics:
• Student and Instructor Introductions
• Class Agenda
• Introduction to SentinelOne
• SentinelOne Ranger Overview
• SentinelOne Vigilance Overview
• SentinelOne Resources
Module 2 – Management Console Overview
Learning Objectives:
• Management Console Views
• Scope View
• Dashboard
• Visibility
• Sentinels
• Analyze
• Applications
• Activity
• Reports
• Settings
Module 3 – Administration
Learning Objectives:
• Features by Admin Role
• Managing Accounts – Sites – Groups
• Installing and Managing Agents
• Remote Functions for Endpoints
• User Management
• Policy Settings
• Device Control
• Firewall Control
Module 4 – Incident Response
Learning Objectives:
• Filtering Functionality
• Searching Functionality
• Reviewing Threats
• Threat Mitigation Status
• Threat Analysis, Mitigation and Resolution Workflow
• Forensic Analysis of Threats
• Mitigation Actions
• Full Disk Scan
• Managing the Blacklist
• Managing Exclusions
• Application Risk Management
• Remote Shell
Module 5 – Regular Expressions
Learning Objectives:
• What are Regular Expressions
• Literal vs. Operators
• RegEx Syntax
Module 6 – SentinelOne Deep Visibility
Learning Objectives:
• Understanding Deep Visibility
• Threat Hunting Query
• Taking Action
• Responding to Incidents
• Threat Hunting Queries
• Supported File Types for Deep Visibility
Module 7 – Reports
Learning Objectives:
• Creating Reports
• Editing and Deleting Reports
• Downloading a Report
• Raw Data Report
Module 8 – Ranger
Learning Objectives:
• Ranger Console
• Ranger Settings
• Scans
o Passive
o Active
• Identifying Rogue Devices
• Response
SentinelOne Ranger S1-204
Level: Intermediate
Duration: 2 Hours
Audience:
• Incident Responders
• System Administrators
Delivery:
• Instructor Led Training
• Live Online Instructor Led Training
CPE Credits: 2.0
Course Overview
The SentinelOne Ranger course is a two-hour course that provides the knowledge and skills necessary to use the SentinelOne Ranger platform effectively for full visibility of network endpoints. This course gives attendees an understanding of the SentinelOne Ranger platform and its functionality. In this two-hour, hands-on course, attendees will be exposed to the following tasks:
• Get an Understanding of the SentinelOne Ranger Console
• How to set Ranger scanning settings
• Installing and Managing Agents
• Ranger benefits
o Enterprise-wide visibility of connected devices
o Intelligent and automatic scan management
o Simple mapping of unmanaged endpoints
o Enriched Threat Hunting with unmanaged device information
o Network isolation of unwanted devices
• Ranger functionality
o Using agents as scanners
o Select specific networks to scan
The course includes multiple hands-on labs that allow students to apply what they have learned.
Prerequisites
This hands-on class is intended for students who have a basic understanding of networking, network security monitoring concepts and endpoint analysis.
To obtain the maximum benefit from this class, you should meet the following requirements:
• Read and understand the English language.
• Perform basic operations on a personal computer.
• Be familiar with the Microsoft Windows environment.
Course Syllabus
Module 1 – Introduction
Topics:
• Student and Instructor Introductions
• Class Agenda
• Introduction to SentinelOne Ranger
• Requirements to use Ranger
• SentinelOne Resources
Module 2 – Ranger Management Console Overview
Learning Objectives:
• Ranger Management Console
• Ranger Settings
• Scan Settings
• Scan Configuration
• Network Dashboard
• Device Inventory Dashboard
• Scan Results
• Managed State
• Device Total
• OS Type
• Endpoint Listing
Module 3 – Using Ranger
Learning Objectives:
• Installed Agents
• Selecting Corporate Networks to Scan
• Enabling Ranger
• Selected Scanners
• Passive Scan
• Active Scan
• Scan Intervals
• Downloading Raw Data JSON
• Identifying Rogue Devices
• Response
Threat Hunting Workshop S1-205
Level: Intermediate
Duration: 2 Hours
Audience:
• Security Analysts
• SecOps
• SystemOps
• Security Architects
Delivery:
• In-Person Instructor Led Training
• Live Online Instructor Led Training
CPE Credits: 2.0
Workshop Overview
This introductory threat hunting workshop is designed for analysts who need or want to learn threat hunting, and for the managers of such analysts. It teaches students the responsibilities of a threat hunter, the common tools used for threat hunting, and how to create and test a threat hunting hypothesis. It also serves as a precursor to threat response. Key topics are the difference between threat hunting and searching, the MITRE ATT&CK framework, hypotheses, IOCs and TTPs, and interpreting hunt results. In this two-hour, instructor-led course, attendees will be exposed to the following:
• The difference between hunting and searching
• The responsibilities of Blue and Red Teams
• Understanding and interpreting intelligence
• Building threat hunting queries
• Using SentinelOne's EDR platform to perform threat analysis
Prerequisites
Recommended prerequisites for this course are:
• Understanding of networking and network security
• Understanding of fundamental information security concepts
• Understanding of regular expressions
To obtain the maximum benefit from this class, you should meet the following requirements:
• Read and understand the English language
• Perform basic operations on a computer
• Be familiar with the Microsoft Windows environment
Course Agenda
Section 1 – Introduction
Topics:
• Instructor Introductions
• Class Agenda
• Introduction to threat hunting
Section 2 – Mindset of a Threat Hunter
Learning Objectives:
• What a Blue Team does and which skills to take away from Blue Team experience
• What a Red Team does and which skills to take away from Red Team experience
• Intel
o Intel the process
o Intel the product
• MITRE ATT&CK
o Common Vocabulary
o Behaviors > Indicators
• Paranoia
o The cycle of thought that drives threat hunting
• Digital Forensics and Incident Response
o What to look for, where to look for it and how to interpret the results
Section 3 – Hunting, Not Searching
Learning Objectives:
• Difference between searching and hunting
• Knowing when searching is OK
• Building better hunts
• Postulating
• Creating and testing an attack hypothesis
• IOCs, TTPs and TrueContext
Section 4 – Threat Hunting Lab
Learning Objectives:
• Use Case: Take data from an intelligence report and use SentinelOne's EDR platform to find an attack, answer questions about the severity and consequences of the attack, and propose prevention measures against similar future attacks.
IR Threat Hunting Course S1-301
Level: Advanced
Duration: 1 Day
Audience:
• Security Analysts
• SecOps
• System Ops
• Security Architects
Delivery:
• In-Person Instructor Led Training
• Live Online Instructor Led Training
CPE Credits: 7.0
Course Description
The SentinelOne IR Threat Hunting course is designed for analysts who need or want to learn advanced threat hunting techniques in order to hunt effectively for threats in an organization's network using the SentinelOne platform. Key topics are the difference between threat hunting and searching, the MITRE ATT&CK framework, hypotheses, IOCs and TTPs, and interpreting hunt results. In this one-day, instructor-led course, attendees will be exposed to the following:
• EC Council's 17 phases
• Threat Hunting and IR techniques
• Blue Team
• Red Team
• DFIR
• MITRE ATT&CK
• Remote Shell
• Firewall Orchestration
• Group policies
• API
• Hands-on Labs
Prerequisites
Recommended prerequisites for this course are:
• Understanding of networking and network security
• Understanding of fundamental information security concepts
• Understanding of regular expressions
To obtain the maximum benefit from this class, you should meet the following requirements:
• Read and understand the English language
• Perform basic operations on a computer
• Be familiar with the Microsoft Windows environment
Course Agenda
Section 1 – Introduction
Topics:
• Instructor Introductions
• Class Agenda
• Class Setup
Section 2 – Mindset of a Threat Hunter
Learning Objectives:
• EC Council's 17 Phases
• What is Threat Hunting
• What a Blue Team does and which skills to take away from Blue Team experience
• What a Red Team does and which skills to take away from Red Team experience
• Intel
o Intel the process
o Intel the product
• MITRE ATT&CK
o Common Vocabulary
o Behaviors > Indicators
• Paranoia
o The cycle of thought that drives threat hunting
Section 3 – Hunting, Not Searching
Learning Objectives:
• Difference between searching and hunting
• Knowing when searching is OK
• Building better hunts
• Postulating
• Creating and testing an attack hypothesis
• IOCs, TTPs and TrueContext
Section 4 – Advanced IR
Learning Objectives:
• Techniques
o S1QL
o Watchlists/WAR
o Hunter Extension
o Hermes
o SIEM/SOAR
• Remote Shell
o Scripting and Remote Execution
▪ Architecture
▪ Execution
• Reporting
Section 5 – Threat Hunting with SentinelOne
Learning Objectives:
• IR With SentinelOne
o Containment and Acquisition
▪ Network Quarantine
▪ File Fetch
o Alerts
▪ Forensics Page
▪ Notes
▪ MITRE Mapping
▪ Incidents Page
o Deep Visibility
▪ TrueContext Map
▪ 30 days of Event Data
o Remote Shell
▪ Using other Forensic Kits (Scripts)
▪ Issuing WMI Commands
o “Mark as Threat” Workflow
o Rollback
o Remediation
o Device Control
o Firewall Orchestration
o Group Policies
o API