Category: SentinelOne Singularity Platform - Additional Capabilities / Can I use SentinelOne for Incident Response?


Yes, you can use SentinelOne for incident response.

SentinelOne’s Remediation and Rollback response capabilities are unique in the industry and are patented with the U.S. Patent and Trademark Office. SentinelOne ActiveEDR tracks and monitors all processes that load into memory and groups related activity into a set of “stories.”

The agent maintains a local history of these contextual process relationships and any related system modifications that are performed. By maintaining story context through the life of software execution, the agent can determine when processes turn malicious, then execute the response specified in the Management policy.

If the policy calls for automatic remediation, or if the administrator manually triggers remediation, the agent uses the stored historical context of the attack to handle the threat and clean the system of malicious code artifacts. In effect, the agent knows what happened during the attack and plays it back in reverse to remove the unauthorized changes.
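To make the story-and-reverse-replay idea concrete, here is an added, self-contained Python model of the concept. It is not SentinelOne code and does not describe how the SentinelOne agent actually journals or restores changes; it only illustrates the mechanism the page describes: every file change is journaled with its pre-image and the pid that made it, pids are grouped into a story by process ancestry, and remediation undoes the story's changes newest-first. The class and function names, the pids, and the file events in `demo()` are constructed for the example. Undoing in reverse order matters when a story touches the same file more than once: the last change is reverted first, so the earliest pre-image (the original content) is what ends up on disk.

```python
import os
import tempfile
from dataclasses import dataclass
from typing import Optional


@dataclass
class Event:
    seq: int                    # position in the append-only journal
    pid: int                    # process that made the change
    kind: str                   # "create", "modify" or "delete"
    path: str
    pre_image: Optional[bytes]  # content before the change; None if the file did not exist


class StoryJournal:
    """Toy journal of process lineage and file changes (illustrative, not SentinelOne's design)."""

    def __init__(self) -> None:
        self.parent: dict[int, int] = {}   # pid -> parent pid
        self.events: list[Event] = []

    def spawn(self, pid: int, ppid: int) -> None:
        self.parent[pid] = ppid

    def _log(self, pid: int, kind: str, path: str, pre: Optional[bytes]) -> None:
        self.events.append(Event(len(self.events), pid, kind, path, pre))

    def write(self, pid: int, path: str, data: bytes) -> None:
        """Process `pid` writes `data` to `path`; the pre-image is journaled before the write."""
        pre = open(path, "rb").read() if os.path.exists(path) else None
        self._log(pid, "modify" if pre is not None else "create", path, pre)
        with open(path, "wb") as f:
            f.write(data)

    def delete(self, pid: int, path: str) -> None:
        """Process `pid` deletes `path`; the full content is journaled so it can be restored."""
        with open(path, "rb") as f:
            pre = f.read()
        self._log(pid, "delete", path, pre)
        os.remove(path)

    def story(self, root_pid: int) -> set[int]:
        """The root pid plus every descendant reachable through the recorded lineage."""
        members = {root_pid}
        grew = True
        while grew:
            grew = False
            for pid, ppid in self.parent.items():
                if ppid in members and pid not in members:
                    members.add(pid)
                    grew = True
        return members

    def rollback(self, root_pid: int) -> list[int]:
        """Undo every journaled change made by the story, newest first; returns undone seq numbers."""
        members = self.story(root_pid)
        undone = []
        for ev in reversed(self.events):
            if ev.pid not in members:
                continue                      # change belongs to an unrelated process, keep it
            if ev.pre_image is None:          # file was created by the story: remove it
                if os.path.exists(ev.path):
                    os.remove(ev.path)
            else:                             # modified or deleted: restore the pre-image
                with open(ev.path, "wb") as f:
                    f.write(ev.pre_image)
            undone.append(ev.seq)
        return undone


def demo() -> dict:
    """Constructed scenario: benign edits by pid 100, then an attack chain rooted at pid 200."""
    with tempfile.TemporaryDirectory() as d:
        def p(name: str) -> str:
            return os.path.join(d, name)
        j = StoryJournal()
        j.spawn(100, 1)                                    # benign user process
        j.write(100, p("notes.txt"), b"quarterly report")  # seq 0
        j.write(100, p("backup.txt"), b"copy of report")   # seq 1
        j.spawn(200, 1)                                    # office app
        j.spawn(201, 200)                                  # script host
        j.spawn(202, 201)                                  # payload
        j.write(201, p("dropper.exe"), b"MZ...")           # seq 2
        j.write(202, p("notes.txt"), b"stage1")            # seq 3, first tamper
        j.write(202, p("notes.txt"), b"ENCRYPTED")         # seq 4, second tamper
        j.write(202, p("README_RESTORE.txt"), b"pay us")   # seq 5
        j.delete(202, p("backup.txt"))                     # seq 6
        undone = j.rollback(200)
        return {
            "undone": undone,
            "notes": open(p("notes.txt"), "rb").read(),
            "backup": open(p("backup.txt"), "rb").read(),
            "dropper_exists": os.path.exists(p("dropper.exe")),
            "ransom_note_exists": os.path.exists(p("README_RESTORE.txt")),
            "story": sorted(j.story(200)),
        }


if __name__ == "__main__":
    print(demo())
```

In the scenario, rolling back the story rooted at pid 200 reverts only events 2 through 6; the benign writes by pid 100 (events 0 and 1) are left alone, and `notes.txt` returns to its original content because the two tampering writes are undone in reverse order.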