- Type Learning
- Level Intermediate
- Time Days
SentinelOne Incident Responder
Issued by
SentinelOne
The Incident Responder badge represents the ability to manage Threats and Alerts in the SentinelOne Management Console. The recipient can use the EDR and XDR querying interfaces in Deep Visibility and Skylight to correlate events and build complex queries, filter searches, create groupings and statistical summaries, tune false positives with narrowly scoped, minimal-risk exclusions, and apply response actions judiciously to mitigate Threats and Alerts effectively.
Skills
- Create effective queries in Deep Visibility and Skylight
- Cyber Investigation (INV)
- Cybersecurity Defence Analysis (CDA)
- Endpoint Detection And Response
- Identify and tune false positives using minimal-risk Exclusions.
- Incident Response (CIR)
- Perform incident root cause analysis.
- Pivot incident investigation into the data lake to triage related events.
- Prioritize Threats and Alerts in the SentinelOne Management Console.
- Recommend and apply the appropriate Mitigation actions for Threats and Alerts.
- Respond to security incidents in the SentinelOne Management Console.
- Threat Analysis (TWA)
- Use S1QL 1.0 and PowerQuery (S1QL 2.0) to investigate security incidents.
Earning Criteria
- Candidates must complete all core courses in the Incident Response Learning Path.
- Candidates must complete the assessments in each Incident Response module with a score of 80% or higher.