Today’s blog post will focus on a new enhancement to our Deep Visibility solution. With our Central Park release, we have introduced the concept of Watchlists.
This module allows the SentinelOne administrator to create alerts based on Deep Visibility data. An alert can cover anything from modifications to critical files, web requests to a given URL, or access to a given IP or DNS name, to the discovery of a specific process within the environment, and so on. The sky is the limit when it comes to creating entries within the Watchlist. The image below is an example of a Watchlist.
In the video below, I walk through a basic configuration of Watchlist, demonstrate a Watchlist around access to pastebin.com over SSL, and lastly show the discovery of a few potentially unwanted processes discovered within the environment.