SentinelOne combines static and behavioral AI within one autonomous agent, which is the leading platform today, defending your endpoints against file-based malware, fileless attacks, malicious scripts, and memory exploits whether the endpoint is online or offline.
The SentinelOne agent combines these protective abilities with Deep Visibility detection and response functions, so that incident responders and threat hunters can also do their jobs by pivoting off attack information and performing free-form IoC searches.
Hybrid infrastructure: on-prem console, while the EDR data is stored in the cloud.
All data transmissions are encrypted, compressed, and sent over HTTPS. Agent data is available to you, and only you, for up to three months. Within minutes of an event occurring, the data is available in Deep Visibility queries.
A gateway stands between your Agents and the Cloud Storage. The gateway authenticates all Agents with your Management. Your Management Console shows data from only your Agents. Your data is not given to others.
Detailed flow: Agents send data to the Deep Visibility Gateway, which forwards it to the Cloud Database that processes the big data. The Cloud Database feeds the Database query engine, which reads the database and passes results to the query Gateway. The Management server talks to the query Gateway, which talks to the database. The Management server can also talk to the Agent to perform mitigation. Maximum data retention is three months.
This data is collected by Agents and correlated by Deep Visibility for you to access details, search, and monitor.