This SentinelOne Vigilance Service Addendum (“Vigilance Addendum”) describes the Vigilance Service (as defined below) provided by SentinelOne, Inc. (“SentinelOne”) to the SentinelOne customer (“Customer”) identified in the signature box below who subscribed to the Singularity Platform (as defined in the MSA Solutions Addendum: Singularity Platform Terms) under the SentinelOne Master Subscription Agreement (“MSA,” available on the SentinelOne website, or another version of the MSA agreed to in writing among the Customer and SentinelOne and during the timeframe for such Vigilance Service subscription stated in a Quote or a valid Purchase Order (“Vigilance Subscription Term”). Capitalized terms used but not defined in this Vigilance Addendum shall have the meaning assigned to such terms in the MSA, and in case of a conflict among terms defined in the Vigilance Addendum and terms defined in the MSA, the MSA shall prevail.

The Vigilance service provides a turnkey managed threat detection and response services to augment Customer’s use of the Singularity Platform and enhance the Singularity Platform operations. SentinelOne offers two tiers of the Vigilance Services: Vigilance Respond which includes 24x7x365 monitoring of Customer’s Singularity Platform management console, triage analysis, as well as detection, prioritization and response services (“Vigilance Respond”) and Vigilance Respond Pro which offers Vigilance Respond services with full digital forensics analysis, better response SLAs, deep analysis and incident response hours (“Vigilance Response Pro”) as more fully described in the Vigilance Service Documentation (“Vigilance Documentation,” found here: (collectively, “Vigilance Service”).

The Vigilance Service is provided by highly trained SentinelOne analysts highly experienced in operating the Singularity Platform, who optimize the Singularity Platform capabilities to maximize threat detection, prioritization and response. Vigilance Respond includes various threat response activities (such as remediation and rollback), post incident intel driven hunting (such as active review and assessment of threats), forensics and remediation. Incident response services are provided only to Vigilance Pro customers that execute a separate Incident Response Agreement with SentinelOne and are subject to such Incident Response Agreement.

The Vigilance Service is provided by dedicated SentinelOne analysts utilizing SentinelOne’s management console and responding in real time to identified threats. The analysts respond to all identified threats on an ongoing basis based on severity classification by the Singularity Platform and make a commercially reasonable effort to handle all threats rapidly and effectively. All analysts’ activities are recorded within the management console and can be reviewed by Customer.

Customer authorizes SentinelOne to perform any remote analysis of Customer Data (as defined in the MSA) and use the File Fetch feature (as defined in the Documentation), which downloads full files (that may contain Customer Confidential information or Personal Information) from the Customer Endpoint to the SentinelOne management console as necessary for providing the Vigilance Services. Customer acknowledges and agrees that SentinelOne may be required to connect its computers and other necessary equipment directly to Customer’s computer network and consents to such activity in connection with providing the Vigilance Service.

SentinelOne warrants the provision of professional, timely and ongoing Vigilance Service in accordance with this Vigilance Addendum and the Vigilance Documentation, however SentinelOne does not warrant or guarantee identification of every existing threat, immediate or any resolution of every identified threat, error-free threat classification, correct incident prioritization, or satisfactory threat response or threat hunting. In subscribing to the Vigilance Service, Customer acknowledges that the foregoing disclaimers with respect to SentinelOne’s provision of the Vigilance Service. Without limiting the foregoing, SentinelOne provides the Vigilance Service as an “as is” service without any warranties, express or implied, including, without limitation, warranties of merchantability, fitness for a particular purpose, accuracy, non-infringement, or those arising by law, statute, usage of trade, or course of dealing, and SentinelOne’s liability and liability limitations in connection with the Vigilance Service shall be in accordance with its obligations under the MSA.

Priority Levels and Response Times
The SLA refers only to the Response Time by a Vigilance Service analyst to an event and is dependent on the tier of Vigilance Service.

“Response Time” means the elapsed time between the reported detection time by the SentinelOne agent and the time a Vigilance Service analyst annotated the event.

Event Type
(as defined in management console)
Response Time
Respond (within 90%)
Response Time
Respond Pro (within 90%)
Active/Suspicious 2 hours 1 hour
Mitigated/Blocked* 4 hours 2 hours

Including Active/Suspicious events in full disc scans detections.