SentinelOne Training Registration 1


Contents

SentinelOne Training Registration 1
  Training Course Registration and Options 1
  SentinelOne Training Options 1
  CPE Credit Information 2
  Training Credits 3
  SentinelOne Resources 5

Training Courses and Descriptions
  S1-200 SentinelOne Core Workshop 6
  S1-201 SentinelOne Administrator Course 8
  S1-202 SentinelOne Investigator Course 10
  S1-203 SentinelOne Fundamentals Course 12
  S1-204 SentinelOne Ranger Workshop 15
  S1-205 Threat Hunting Workshop 17
  S1-301 IR Threat Hunting Course 19

© SENTINELONE 1 MAY 11, 2020

SENTINELONE TRAINING CATALOG

SentinelOne Training Course Registration and Options

Registering for a Training Course

To register for a training course, participants need to first purchase Training Credits from their sales representative. Participants can locate a public training course on the SentinelOne Training website. Participants can then email [email protected] with the class title, their name, organization and the requested date. Once approved, you will receive a registration acknowledgement email.

Group Live Training

In-person training allows for more interaction between the instructor and students, away from the distractions of work. It increases student participation and focuses their attention. It also increases opportunities for student engagement, which helps everyone achieve the course’s learning objectives more successfully, and the personal interaction with fellow students offers the opportunity to gain insights and perspectives. Live trainings allow the material to be not only heard, but also experienced with all senses and emotions.

Group Internet Based (Live On-line) Training

Live Online trainings are led by certified instructors. Live Online training is a live, interactive virtual classroom solution where students interact with the instructor and each other in ways that engage and challenge the learning process. Students have access to an environment where they complete hands-on labs and assigned tasks. Live Online training is ideal for organizations with a distributed workforce: employees from anywhere can register and participate in training without the expense and hassle of travel. Live Online training requires students to have good internet access.

Private Training

An organization can request SentinelOne custom on-site training in order to align training to their workflows and learning goals. This allows for discussions around confidential internal information.

CPE Credits for SentinelOne Courses

Field of Study – Information Technology – Technical

SentinelOne is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org.

CPE stands for Continuing Professional Education. CPE credits are earned by participating in SentinelOne training courses, in-person and on-line classes. CPE approved training enables you to improve your skills and provide increased value to your employers throughout your career.

CPE Credit Matrix

SentinelOne Core Workshop – 7 CPE Credits
SentinelOne Administrator Course – 7 CPE Credits
SentinelOne Investigator Course – 14 CPE Credits
SentinelOne Fundamentals Course – 21 CPE Credits
SentinelOne Ranger Workshop – 2 CPE Credits
SentinelOne Custom Training Courses – Based on the length of the course

Attendance Requirements for CPE Credit

For information regarding attendance requirements for CPE credits, please contact our office at [email protected].

Training Credits are designed for individuals and companies that want to purchase training for multiple employees and need the flexibility to decide who attends the training and when. Training Credits can be used to purchase online and on-site training courses as well as pay for SentinelOne Certification exams.

Ideal for volume license agreements, large projects, and end-of-year budget purchases.

Training credits cannot be used for T&E or other course related expenses. Clients will be responsible for the actual T&E after the training event is complete.

Training Credits Guidelines

• There is no minimum purchase requirement for Training Credits.
• Training Credits must be redeemed within one year from the date of purchase.
• Training Credits due to expire can be extended one more year with the purchase of additional Training Credits.
• Unused Training Credits at the end of one year are non-refundable.
• Training Credits can be used for:
  o SentinelOne Training Courses (Public Online or Private On-Site)
  o SentinelOne Certification exam fees
• When applied to training, Training Credits must be used for training that begins before the expiration date.
• The customer must designate a primary point of contact who will be authorized to schedule training for their employees.
• If a class attendee needs to reschedule a course, they must do so before the class starts in order to receive a credit refund.
• Any class attendee who fails to attend a course and does not notify Training prior to the class starting will forfeit the Training Credits for that course.

Training Class Matrix

SentinelOne Core Workshop – 1 Day Course – 2 Credits per seat
SentinelOne Administrator Course – 1 Day Course – 2 Credits per seat
SentinelOne Investigator Course – 2 Day Course – 4 Credits per seat
SentinelOne Fundamentals Course – 3 Day Course – 6 Credits per seat
SentinelOne Ranger Workshop – 2 Hour Course – 1/2 Credit per seat
SentinelOne Custom Training Courses – 2 Credits per day per seat

Contact SentinelOne Sales for more information and pricing: [email protected]

Cancellations, Refunds or Concerns

For information regarding cancellations, refunds or concerns, please contact our office at [email protected].

Resources

SentinelOne Resources Page https://www.sentinelone.com/resources/

Provides access to:

• White Papers

• Infographic

• Case Studies

• Datasheets

• Videos

• Reports

• Webinars

• eBooks

Subscribe to the SentinelOne Blog and Newsletter https://www.sentinelone.com/blog/

SentinelOne Core Workshop S1-200

This class syllabus is for information purposes only and is subject to change. SentinelOne makes no warranties, express or implied, in this document. SentinelOne is a registered trademark of Sentinel Labs, Inc.

Level: Intermediate
Duration: 1 Day
Audience:
• Incident Responders
• System Administrators
Delivery:
• Instructor Led Training
• Live Online Instructor Led Training
CPE Credits: 7.0

Course Overview

The SentinelOne Core Workshop provides the basic core knowledge and skills necessary to effectively use the SentinelOne platform for endpoint protection.

In this 1-day, hands-on course, attendees will be exposed to the following tasks:

• Gain an Understanding of the SentinelOne Console

• Working with Custom Dashboards

• Managing Accounts – Sites – Groups

• Installing and Managing Agents

• Managing User Accounts

• Policy Settings

• Device Control

• Firewall Control

• Filtering and Searching Functionality

• Threat Analysis, Mitigation and Resolution Workflow

• Mitigation Actions

• Managing the Blacklist

• Managing Exclusions

• Application Risk Management

• Introduction to Deep Visibility and Threat Hunting

• Working with Reports

The course includes multiple hands-on labs that allow students to apply what they have learned.

Prerequisites

To obtain the maximum benefit from this class, you should meet the following requirements:

• Understanding of networking and network security
• Understanding of fundamental information security concepts
• Read and understand the English language
• Perform basic operations on a computer
• Be familiar with the Microsoft Windows environment

DETECT RESPOND PREVENT HUNT

Course Syllabus

Module 1 – Introduction

Topics:

• Student and Instructor Introductions
• Class Agenda
• Introduction to SentinelOne
• SentinelOne Resources

Module 2 – Management Console Overview

Learning Objectives:

• Management Console Views
  o Scope View
  o Dashboard
  o Visibility
  o Sentinels
  o Analyze
  o Applications
  o Activity
  o Reports
  o Settings
• Custom Dashboards

Module 3 – Administration

Learning Objectives:

• Features by Admin Role
• Managing Accounts – Sites – Groups
• Installing and Managing Agents
• Remote Functions for Endpoints
• User Management
• Policy Settings
• Device Control
• Firewall Control
• Managing Exclusions
• Application Risk Management

Module 4 – Incident Response

Learning Objectives:

• Filtering Functionality
• Searching Functionality
• Reviewing Threats
• Threat Mitigation Status
• Threat Analysis, Mitigation and Resolution Workflow
• Forensic Analysis of Threats
• Mitigation Actions
• Managing the Blacklist

Module 5 – SentinelOne Deep Visibility

Learning Objectives:

• Introduction to Deep Visibility
• Basic Threat Hunting Queries

Module 6 – Reports

Learning Objectives:

• Creating Reports
• Editing and Deleting Reports
• Downloading a Report

SentinelOne Administrator Course S1-201

Level: Intermediate
Duration: 1 Day
Audience:
• System Administrators
Delivery:
• Instructor Led Training
• Live Online Instructor Led Training
CPE Credits: 7.0

Course Overview

The SentinelOne Administrator course will provide the knowledge and the skills necessary to effectively administer the SentinelOne platform. In this 1-day, hands-on course, attendees will be exposed to the following tasks:

• Get a Strong Understanding of the SentinelOne Console

• Managing Accounts – Sites – Groups

• Installing and Managing Agents

• Managing User Accounts

• Policy Settings

• Device Control

• Firewall Control

• Managing the Blacklist

• Managing Exclusions

The course includes multiple hands-on labs that allow students to apply what they have learned.

Prerequisites

This hands-on class is intended for students who have a basic understanding of networking, network and information security monitoring concepts, and endpoint analysis.

To obtain the maximum benefit from this class, you should meet the following requirements:

• Read and understand the English language.
• Perform basic operations on a personal computer.
• Be familiar with the Microsoft Windows environment.


Course Syllabus

Module 1 – Introduction

Topics:

• Student and Instructor Introductions
• Class Agenda
• Introduction to SentinelOne

Module 2 – Management Console Overview

Learning Objectives:

• Management Console Views
  o Scope View
  o Dashboard
  o Visibility
  o Sentinels
  o Analyze
  o Applications
  o Activity
  o Reports
  o Settings

Module 3 – Administration

Learning Objectives:

• Features by Admin Role
• Managing Accounts – Sites – Groups
• Managing Agents
• Installing Agents
• User Management
• Policy Settings
• Device Control
• Firewall Control
• Full Disk Scan
• Managing the Blacklist
• Managing Exclusions
• Application Risk Management

Module 4 – Reports

Learning Objectives:

• Creating Reports
• Editing and Deleting Reports
• Downloading a Report
• Raw Data Report

SentinelOne Investigator Course S1-202

Level: Intermediate
Duration: 2 Days
Audience:
• Incident Responders
• Incident Analysts
Delivery:
• Instructor Led Training
• Live Online Instructor Led Training
CPE Credits: 14.0

Course Overview

The SentinelOne Investigator course provides the knowledge and the skills necessary to effectively use the SentinelOne platform for endpoint protection where it:

• Tracks everything as it happens
• Detects in real time, cloud or no cloud
• Responds & Recovers at machine speed
• Maintains context for easy threat hunting

In this 2-day, hands-on course, attendees will be exposed to the following tasks:

• Get a Strong Understanding of the SentinelOne Console

• Filtering Functionality

• Searching Functionality

• Threat Analysis, Mitigation and Resolution Workflow

• Mitigation Actions

• Full Disk Scans

• Managing the Blacklist

• Managing Exclusions

• Application Risk Management

• Remote Shell

• Deep Visibility

• Introduction to Threat Hunting

• Working with Reports

The course includes multiple hands-on labs that allow students to apply what they have learned.

Prerequisites

This hands-on class is intended for students who have a basic understanding of networking, network and information security monitoring concepts, and endpoint analysis.

To obtain the maximum benefit from this class, you should meet the following requirements:

• Read and understand the English language.
• Perform basic operations on a personal computer.
• Be familiar with the Microsoft Windows environment.


Course Syllabus

Module 1 – Introduction

Topics:

• Student and Instructor Introductions
• Class Agenda
• Introduction to SentinelOne

Module 2 – Management Console Overview

Learning Objectives:

• Management Console Views
  o Scope View
  o Dashboard
  o Visibility
  o Sentinels
  o Analyze
  o Applications
  o Activity
  o Reports
  o Settings

Module 3 – Incident Responder

Learning Objectives:

• Filtering Functionality
• Searching Functionality
• Reviewing Threats
• Threat Mitigation Status
• Threat Analysis, Mitigation and Resolution Workflow
• Forensic Analysis of Threats
• Mitigation Actions
• Full Disk Scan
• Managing the Blacklist
• Managing Exclusions
• Application Risk Management
• Remote Shell

Module 4 – Regular Expressions

Learning Objectives:

• What are Regular Expressions
• Literal vs. Operators
• RegEx Syntax

Module 5 – SentinelOne Deep Visibility

Learning Objectives:

• Understanding Deep Visibility
• Threat Hunting Query
• Taking Action
• Responding to Incidents
• Threat Hunting Queries
• Supported File Types for Deep Visibility

Module 6 – Reports

Learning Objectives:

• Creating Reports
• Editing and Deleting Reports
• Downloading a Report
• Raw Data Report

Module 7 – Ranger

Learning Objectives:

• Ranger Console
• Ranger Settings
• Scans
  o Passive
  o Active
• Identifying Rogue Devices
• Response

SentinelOne Fundamentals Course S1-203

Level: Intermediate
Duration: 3 Days
Audience:
• Incident Responders
• System Administrators
Delivery:
• Instructor Led Training
• Live Online Instructor Led Training
CPE Credits: 21.0

Course Overview

The SentinelOne Fundamentals course will provide the knowledge and the skills necessary to effectively use the SentinelOne platform for endpoint protection where it:

• Tracks everything as it happens

• Detects in real time, cloud or no cloud

• Responds & Recovers at machine speed

• Maintains context for easy threat hunting

In this 3-day, hands-on course, attendees will be exposed to the following tasks:

• Managing Accounts – Sites – Groups

• Installing and Managing Agents

• Managing User Accounts

• Policy Settings

• Device Control

• Firewall Control

• Filtering Functionality

• Searching Functionality

• Threat Analysis, Mitigation and Resolution Workflow

• Mitigation Actions

• Full Disk Scans

• Managing the Exclusions and Blacklists

• Application Risk Management

• Remote Shell

• Deep Visibility and Threat Hunting

• Working with Reports

The course includes multiple hands-on labs that allow students to apply what they have learned.

Prerequisites

This hands-on class is intended for students who have a basic understanding of networking, network and information security monitoring concepts, and endpoint analysis.

To obtain the maximum benefit from this class, you should meet the following requirements:

• Read and understand the English language.
• Perform basic operations on a personal computer.
• Be familiar with the Microsoft Windows environment.


Course Syllabus

Module 1 – Introduction

Topics:

• Student and Instructor Introductions
• Class Agenda
• Introduction to SentinelOne
• SentinelOne Ranger Overview
• SentinelOne Vigilance Overview
• SentinelOne Resources

Module 2 – Management Console Overview

Learning Objectives:

• Management Console Views
  o Scope View
  o Dashboard
  o Visibility
  o Sentinels
  o Analyze
  o Applications
  o Activity
  o Reports
  o Settings

Module 3 – Administration

Learning Objectives:

• Features by Admin Role
• Managing Accounts – Sites – Groups
• Installing and Managing Agents
• Remote Functions for Endpoints
• User Management
• Policy Settings
• Device Control
• Firewall Control

Module 4 – Incident Response

Learning Objectives:

• Filtering Functionality
• Searching Functionality
• Reviewing Threats
• Threat Mitigation Status
• Threat Analysis, Mitigation and Resolution Workflow
• Forensic Analysis of Threats
• Mitigation Actions
• Full Disk Scan
• Managing the Blacklist
• Managing Exclusions
• Application Risk Management
• Remote Shell

Module 5 – Regular Expressions

Learning Objectives:

• What are Regular Expressions
• Literal vs. Operators
• RegEx Syntax

Module 6 – SentinelOne Deep Visibility

Learning Objectives:

• Understanding Deep Visibility
• Threat Hunting Query
• Taking Action
• Responding to Incidents
• Threat Hunting Queries
• Supported File Types for Deep Visibility

Module 7 – Reports

Learning Objectives:

• Creating Reports
• Editing and Deleting Reports
• Downloading a Report
• Raw Data Report

Module 8 – Ranger

Learning Objectives:

• Ranger Console
• Ranger Settings
• Scans
  o Passive
  o Active
• Identifying Rogue Devices
• Response

SentinelOne Ranger S1-204

Level: Intermediate
Duration: 2 Hours
Audience:
• Incident Responders
• System Administrators
Delivery:
• Instructor Led Training
• Live Online Instructor Led Training
CPE Credits: 2.0

Course Overview

The SentinelOne Ranger course is a two-hour course that provides the knowledge and skills necessary to effectively use the SentinelOne Ranger platform for full visibility of network endpoints. This course will provide attendees an understanding of the SentinelOne Ranger platform and its functionality. In this two-hour, hands-on course, attendees will be exposed to the following tasks:

• Get an Understanding of the SentinelOne Ranger Console
• How to set Ranger scanning settings
• Installing and Managing Agents
• Ranger benefits
  o Enterprise-wide visibility of connected devices
  o Intelligent and automatic scan management
  o Simple mapping of unmanaged endpoints
  o Enriched Threat Hunting with unmanaged device information
  o Network isolation of unwanted devices
• Ranger functionality
  o Using agents as scanners
  o Select specific networks to scan

The course includes multiple hands-on labs that allow students to apply what they have learned.

Prerequisites

This hands-on class is intended for students who have a basic understanding of networking, network and information security monitoring concepts, and endpoint analysis.

To obtain the maximum benefit from this class, you should meet the following requirements:

• Read and understand the English language.
• Perform basic operations on a personal computer.
• Be familiar with the Microsoft Windows environment.


Course Syllabus

Module 1 – Introduction

Topics:

• Student and Instructor Introductions
• Class Agenda
• Introduction to SentinelOne Ranger
• Requirements to use Ranger
• SentinelOne Resources

Module 2 – Ranger Management Console Overview

Learning Objectives:

• Ranger Management Console
• Ranger Settings
• Scan Settings
• Scan Configuration
• Network Dashboard
• Device Inventory Dashboard
• Scan Results
• Managed State
• Device Total
• OS Type
• Endpoint Listing

Module 3 – Using Ranger

Learning Objectives:

• Installed Agents
• Selecting Corporate Networks to Scan
• Enabling Ranger
• Selected Scanners
• Passive Scan
• Active Scan
• Scan Intervals
• Downloading Raw Data JSON
• Identifying Rogue Devices
• Response

Threat Hunting Workshop S1-205

Level: Intermediate
Duration: 2 Hours
Audience:
• Security Analysts
• SecOps
• SystemOps
• Security Architects
Delivery:
• In-Person Instructor Led Training
• Live Online Instructor Led Training
CPE Credits: 2.0

Workshop Overview

This workshop is designed for analysts who may have a requirement or desire to learn threat hunting, or for the managers of such analysts. It is an introductory course to threat hunting that teaches students the responsibilities of a threat hunter, common tools used for threat hunting, and how to create and test a threat hunting hypothesis. It also serves as a precursor to threat response. Key topics are the difference between threat hunting and searching, the ATT&CK framework, hypotheses, IOC/TTPs and interpreting hunt results. In this two-hour, instructor-led course, attendees will be exposed to the following:

• The difference between hunting and searching
• The responsibilities of Blue and Red Teams
• Understanding and interpreting intelligence
• Building threat hunting queries
• Using SentinelOne’s EDR platform to perform threat analysis

Prerequisites

Recommended prerequisites for this course are:

• Understanding of networking and network security
• Understanding of fundamental information security concepts
• Understanding of regular expressions

To obtain the maximum benefit from this class, you should meet the following requirements:

• Read and understand the English language
• Perform basic operations on a computer
• Be familiar with the Microsoft Windows environment


Course Agenda

Section 1 – Introduction

Topics:

• Instructor Introductions
• Class Agenda
• Introduction to threat hunting

Section 2 – Mindset of a Threat Hunter

Learning Objectives:

• What a Blue Team does and which skills to take away from Blue Team experience
• What a Red Team does and which skills to take away from Red Team experience
• Intel
  o Intel the process
  o Intel the product
• MITRE ATT&CK
  o Common Vocabulary
  o Behaviors > Indicators
• Paranoia
  o The cycle of thought that drives threat hunting
• Digital Forensics and Incident Response
  o What to look for, where to look for it and how to interpret the results

Section 3 – Hunting, Not Searching

Learning Objectives:

• Difference between searching and hunting
• Knowing when searching is OK
• Building better hunts
• Postulating
• Creating and testing an attack hypothesis
• IOCs, TTPs and TrueContext

Section 4 – Threat Hunting Lab

Learning Objectives:

• Use Case: Take data from an intelligence report and, using SentinelOne's EDR platform, find an attack, answer questions about the severity and consequences of the attack, and propose prevention measures against future similar attacks.

IR Threat Hunting Course S1-301

Level: Advanced
Duration: One Day
Audience:
• Security Analysts
• SecOps
• System Ops
• Security Architects
Delivery:
• In-Person Instructor Led Training
• Live Online Instructor Led Training
CPE Credits: 7.0

Course Description

The SentinelOne IR Threat Hunting course is designed for analysts who may have a requirement or desire to learn advanced threat hunting techniques to effectively hunt for threats in an organization’s network using the SentinelOne platform. Key topics are the difference between threat hunting and searching, the ATT&CK framework, hypotheses, IOC/TTPs and interpreting hunt results. In this one-day, instructor-led course, attendees will be exposed to the following:

• EC Council’s 17 phases
• Threat Hunting and IR techniques
• Blue Team
• Red Team
• DFIR
• MITRE ATT&CK
• Remote Shell
• Firewall Orchestration
• Group policies
• API
• Hands-on Labs

Prerequisites

Recommended prerequisites for this course are:

• Understanding of networking and network security
• Understanding of fundamental information security concepts
• Understanding of regular expressions

To obtain the maximum benefit from this class, you should meet the following requirements:

• Read and understand the English language
• Perform basic operations on a computer
• Be familiar with the Microsoft Windows environment


Course Agenda

Section 1 – Introduction

Topics:

• Instructor Introductions
• Class Agenda
• Class Setup

Section 2 – Mindset of a Threat Hunter

Learning Objectives:

• EC Council’s 17 Phases
• What is Threat Hunting
• What a Blue Team does and which skills to take away from Blue Team experience
• What a Red Team does and which skills to take away from Red Team experience
• Intel
  o Intel the process
  o Intel the product
• MITRE ATT&CK
  o Common Vocabulary
  o Behaviors > Indicators
• Paranoia
  o The cycle of thought that drives threat hunting

Section 3 – Hunting, Not Searching

Learning Objectives:

• Difference between searching and hunting
• Knowing when searching is OK
• Building better hunts
• Postulating
• Creating and testing an attack hypothesis
• IOCs, TTPs and TrueContext

Section 4 – Advanced IR

Learning Objectives:

• Techniques
  o S1QL
  o Watchlists/WAR
  o Hunter Extension
  o Hermes
  o SIEM/SOAR
• Remote Shell
  o Scripting and Remote Execution
    ▪ Architecture
    ▪ Execution
• Reporting

Section 5 – Threat Hunting with SentinelOne

Learning Objectives:

• IR With SentinelOne
  o Containment and Acquisition
    ▪ Network Quarantine
    ▪ File Fetch
  o Alerts
    ▪ Forensics Page
    ▪ Notes
    ▪ MITRE Mapping
    ▪ Incidents Page
  o Deep Visibility
    ▪ TrueContext Map
    ▪ 30 days of Event Data
  o Remote Shell
    ▪ Using other Forensic Kits (Scripts)
    ▪ Issuing WMI Commands
  o “Mark as Threat” Workflow
  o Rollback
  o Remediation
  o Device Control
  o Firewall Orchestration
  o Group Policies
  o API