Get Started
Platform
Why SentinelOne?
Services
Partners
Resources
About
Pricing
Get Started

WatchTower

Personalized 24x7 threat hunting services and expert analysis to help security teams maximize threat visibility and identify emergent attackers.
Get a Demo

24/7 Threat Hunting Expertise

WatchTower and WatchTower Pro provide access to a pool of globally-distributed, specialized talent – ready to augment your existing team’s threat hunting capabilities.

Extend your visibility into novel and emergent attacker techniques, as well as today’s most prolific threat campaigns with real-time threat hunting and enhanced analytics.

SentinelOne’s 2024 Annual Threat Hunting Report

Expert analysis of the top cyber threats of 2024

Download the Report
SentinelOne’s 2024 Annual Threat Hunting Report SentinelOne’s 2024 Annual Threat Hunting Report

How WatchTower Services Uncover the Unknown

Call on SentinelOne’s team of experienced threat hunters to search every corner of your enterprise for unwanted risk

Deep-Dive Hunts & Assessments

Have peace of mind knowing we identify every relevant risk factor to your business, from active or historical Indicators of Attack to risky internal practices. WatchTower Pro subscribers also get in-depth assessments of their attack surface, risk posture, and internal security practices.

Designated Hunting Support

Work with a threat hunter dedicated to your security team and backed by SentinelOne’s experts. Get prioritized areas of concern specific to your organization and tailored recommendations for cyber resilience.

Custom Reports & Recommendations

Understand your attack surface and security posture with customized reporting that includes detailed findings, analysis & commentary, and remediation guidance.

Follow-Up Verification Hunts

Proactively reduce risk with verification hunts that ensure previously identified risks from the Compromise Assessment are fully remediated.

Threat Hunting Library Access

Hunt on your own terms with unlimited access to queries in the WatchTower Threat Hunting Library—without the need for a full-time threat intelligence team.

Emerging Threat Coverage

Adapt and respond to APT campaigns as they unfold with proactive hunting and intelligence from WatchTower

Hunt on Your Terms

While our WatchTower services leave you in the hands of our expert team, you can hunt any time with unlimited access to queries in the WatchTower Threat Hunting Library. The WatchTower Threat Hunting Library is tagged and organized by threat actor, campaign, malware family, and MITRE TTP to make hunting simple and accessible— without the resource requirements of a full-time threat intelligence team.

WatchTower Threat Intelligence Library WatchTower Threat Intelligence Library

Global Hunting Team 24x7 team of threat hunting experts

Emerging Threat Detections Global incident, supply chain & 0-day monitoring

Intelligence-Based Hunting Active campaign tracking & TTP hunting

Machine Learning Hunts Precision models to identify anomalous events

Behavioral Hunting Hands-on-keyboard and insider threat attack pattern detection

Threat Intelligence Reporting Monthly & Flash reports

WatchTower Hunting Library Hunt queries

Premium Hunting Support Designated threat hunter for custom hunts and intel on-demand

Compromise Assessments Bespoke threat hunting program development, reporting & mitigation guidance

External Hunting Attack surface mapping, dark web exposure, domain mimic, and vulnerability monitoring

WatchTower

WatchTower PRO

✓ Included

WatchTower FAQ

What is the difference between WatchTower and WatchTower Pro?

WatchTower is a managed threat hunting offering that searches your environment for known and emerging threats in real-time. WatchTower Pro builds on WatchTower and adds additional custom threat hunting along with risk assessment and mitigation guidance. WatchTower Pro hunters not only hunt for threats but also conduct comprehensive assessments tailored to your specific industry, region, and individual network architecture, policies, and procedures. WatchTower Pro Hunters design a bespoke threat/risk hunting and mitigation program for your environment. Plus, with attack surface mapping, dark web exposure reviews, and premium support, it’s like having a full team of threat hunters at your disposal.

How often are the WatchTower reports published?

WatchTower releases TLP: AMBER reports on a monthly basis. The SentinelOne threat hunting team also provides WatchTower subscribers with proactive communication for notable threats as they arise.

What is the difference between the TLP: AMBER and TLP: WHITE versions of the WatchTower reports?

WatchTower provides monthly TLP: AMBER reports to subscribers, which contain sensitive intelligence, including specific IOCs, TTPs, case studies, and campaign analysis drawn from SentinelOne telemetry.

Previously published TLP: WHITE WatchTower reports are also available in the SentinelOne Community’s WatchTower threat intelligence library.

How can SentinelOne help respond to detected threats?

As part of the WatchTower service, customers receive expert guidance on how to mitigate emergent threats such as ransomware or cyber criminal activity as they arise. If a WatchTower target is detected in the customer environment, Singularity Complete customers are delivered tailored remediation steps, or Vigilance MDR analysts will automatically contain and remediate threats on behalf of the customer.

Learn more about WatchTower

See firsthand how personalized 24×7 threat hunting services and expert analysis can help you maximize threat visibility and identify emergent attackers.

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform harnesses the power of data and AI to protect your organization now and into the future.

Request a Demo