
Incident Description: L2SOC01

Flowserve Internet Policy – File or application blocked by SentinelOne as a Threat.


Level 1 Ticket Source: CRIM- Unisys Alerts/ User Phone Call/ Email   
Support Level: Level 2   
 
Additional Information/Considerations:  
User account naming nomenclature: 500 account for contractors / 100 account for permanent hires / CST_underscore account for contract third-party accounts
 
How Do I Resolve: Review daily ticket list for Queue Monitored – Security_Global_FLS

Follow These Steps:
If the user receives the error message "File or application blocked by SentinelOne as a Threat", follow the procedure below:

- IMACD must include the full business justification on why they need this file. This will need to be a comprehensive explanation, and generic reasons will be automatically denied.
1. In the sidebar, click Sentinels.
2. In the Sentinels toolbar, click Exclusions.
3. Click New Exclusion and select Create Exclusion. The New Exclusion window opens.
4. In Exclusion Type, select Path.
5. In OS, select the operating system for the exclusion.
6. In Path, enter the full path to the folder, with these rules:
7. After you enter a path, you see As File or As Folder next to the path.
   - As File - Only the single file is excluded (default).
   - As Folder - The whole folder at the path is excluded.
   Click Change to switch between them.
8. If you select As Folder, you can select Include Subfolders. This adds all the subfolders to the exclusion.

9. If Binary Vault is available in the scope of the exclusion, the Exclusion Function options show. Make sure that Exclude path for alerts and mitigation is selected.
   Optional: You can also select Exclude path for Binary Vault to not upload files in the path to Binary Vault.
10. Select the Exclusion Mode:
   - Optional: Click More Options. For most exclusions, keep Suppress Alerts selected. To resolve interoperability issues, you will usually require a different option.
   - Optional: Click All engines to set the Agent to suppress alerts from specified engines only.
11. Optional: In Description, explain the reason for the exclusion.
12. Click Save.

Send an email to the user for confirmation and record the same update in the ticket. After the user confirms, resolve the ticket.
a. Open the ticket, set the ticket status to In Progress, and save.
b. Then click Resolve.
c. Fill in the 4 fields listed below: Resolution method / Closure source / Resolution / Status reason
