SentinelOne Alert Passthrough

Panther Rules

Summary
The SentinelOne Alert Passthrough rule streamlines the handling of alerts generated by the SentinelOne endpoint protection platform. It passes alerts through based on defined conditions, making it easier to monitor and respond to potential threats. The rule reacts to SentinelOne log events that contain alert information, giving a comprehensive overview of significant security events such as critical and medium severity alerts. It checks that an alert meets a minimum severity threshold and deduplicates alerts within a specified time period, so relevant threat signals are not missed while the same alert is not processed repeatedly. By covering multiple log outputs and severity levels, the rule improves the security response process, allowing teams to prioritize genuine threats and act on them swiftly.
Categories
  • Endpoint
  • Cloud
Data Sources
  • User Account
  • Application Log
  • Network Traffic
Created: 2022-12-07