
DATA SHEET

Cloud Funnel by SentinelOne


Aggregated Endpoint Telemetry in Your Data Lake

Retain Your Data Locally. Correlate With Other Data Sources. Automate SOAR Workflows.

Autonomous Sentinel agents continuously protect endpoints across your vast and expanding enterprise footprint and upload endpoint Storyline™ data to the SentinelOne Deep Visibility™ cloud. Storyline and Deep Visibility together enable aggregated analysis and hunting operations within the SentinelOne SaaS management console. This fits most use cases. However, some organizations prefer to obtain a copy of this telemetry data for storage within their own data lake.

SentinelOne makes this possible with Cloud Funnel™, a data subscription enabling the storage of endpoint EDR data locally in your data lake. Once there, Security teams may take any number of actions on their EDR data, such as correlation with non-SentinelOne data sources, integration with SIEM tooling, and orchestration and enrichment of security incident workflows.

Cloud Funnel securely streams your endpoint telemetry from SentinelOne Deep Visibility to your data lake via a Kafka subscription.

KEY FEATURES

++ Data subscription securely copies EDR telemetry from SentinelOne Deep Visibility cloud to your data lake
++ Supports Kafka v2.3.1
++ Salted password hash supported by Kafka
++ Signed TLS 1.2+ connection

KEY BENEFITS

++ Data retention in your data lake
++ Expedient audit response
++ Correlation of Deep Visibility EDR data with non-SentinelOne data sources
++ SIEM and SOAR integration
++ Sample code for data extraction from Kafka


Autonomous ActiveEDR creates a Storyline to simplify incident response and threat hunting
How Cloud Funnel Works

SentinelOne Deep Visibility aggregates endpoint telemetry data in the cloud from your fleet of autonomous Sentinels, where AI reveals hidden threats, correlates activity, and delivers actionable insights. A Kafka subscription securely sends your telemetry (as platform-neutral protobuf messages) to your own data lake. Your connection to Deep Visibility is secured via TLS 1.2+, and access is governed by SCRAM (Salted Challenge Response Authentication Mechanism) supported by Kafka. When new data is available, Kafka streams to your data lake.

[Diagram labels: Sentinels, SentinelOne Deep Visibility, Telemetry Exporter, Gateway, Enterprise Data Lake]
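
To show what the SCRAM access control named above does during authentication, here is an added example (not SentinelOne's code and not taken from the data sheet) of the RFC 5802 client proof and the server-side check. It assumes SCRAM-SHA-256 (the data sheet does not name the hash), an ASCII password with no SASLprep step, and constructed user, salt and nonce values.

```python
import base64
import hashlib
import hmac

ALG = "sha256"  # assumption: SCRAM-SHA-256; the data sheet does not name the hash


def _hmac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, ALG).digest()


def _keys(password: str, salt: bytes, iterations: int):
    # SaltedPassword = Hi(password, salt, i), which is PBKDF2-HMAC (RFC 5802)
    salted = hashlib.pbkdf2_hmac(ALG, password.encode(), salt, iterations)
    client_key = _hmac(salted, b"Client Key")
    return client_key, hashlib.new(ALG, client_key).digest()


def server_record(password: str, salt: bytes, iterations: int) -> dict:
    """What the server keeps: salt, iteration count and StoredKey, not the password."""
    _, stored_key = _keys(password, salt, iterations)
    return {"salt": salt, "iterations": iterations, "stored_key": stored_key}


def auth_message(user: str, c_nonce: str, s_nonce: str, rec: dict) -> bytes:
    # client-first-bare , server-first , client-final-without-proof
    salt_b64 = base64.b64encode(rec["salt"]).decode()
    nonce = c_nonce + s_nonce
    return (f"n={user},r={c_nonce},r={nonce},s={salt_b64},"
            f"i={rec['iterations']},c=biws,r={nonce}").encode()


def client_proof(password: str, rec: dict, msg: bytes) -> bytes:
    # ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)
    client_key, stored_key = _keys(password, rec["salt"], rec["iterations"])
    return bytes(a ^ b for a, b in zip(client_key, _hmac(stored_key, msg)))


def server_verify(rec: dict, msg: bytes, proof: bytes) -> bool:
    # Recover ClientKey from the proof, hash it, compare with StoredKey
    sig = _hmac(rec["stored_key"], msg)
    recovered = bytes(a ^ b for a, b in zip(proof, sig))
    return hmac.compare_digest(hashlib.new(ALG, recovered).digest(), rec["stored_key"])


if __name__ == "__main__":
    # Constructed sample values, not real credentials
    rec = server_record("example-passphrase", b"constructed-salt", 4096)
    msg = auth_message("funnel-user", "clientnonce", "servernonce", rec)
    print(server_verify(rec, msg, client_proof("example-passphrase", rec, msg)))
```

Because the proof is bound to both nonces, a proof captured from one session does not verify in another, and the password itself never crosses the connection.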

Use Cases
Customers may desire to have local telemetry data
for a variety of reasons, including but not limited to:

• Data retention
• Regulatory compliance and/or audit considerations
• Correlation of endpoint telemetry data to other (non-SentinelOne) data sources
• Integration to other security tools (e.g., SIEM)
• Integration to orchestrated security workflows (e.g., SOAR)

Intuitive, interactive SentinelOne dashboard

SentinelOne is a Customer First Company


We offer a variety of services to assist and take pressure off of customers including Managed Detect & Respond (MDR), Incident Response (IR), Readiness ONEscore, and Enterprise Follow-the-Sun Support with designated Technical Account Manager personalization. SentinelOne is the highest rated vendor in the 2020 Gartner Peer Insights™ ‘Voice of the Customer’ Endpoint Detection and Response Solutions report. 96% of the reviewers recommended SentinelOne.

About SentinelOne
SentinelOne, founded in 2013 and headquartered in Mountain View, California, is a cybersecurity software company. SentinelOne Singularity is one platform to prevent, detect, respond, and hunt in the context of all enterprise assets.

sentinelone.com
sales@sentinelone.com
+ 1 855 868 3733
© SentinelOne 2020 S1-GSS-RDY-0622020
