Synopsis
In order to be able to provision sites with Vigilance Respond, you must first configure it in your SentinelOne Management Console at the Account level.
Prerequisites
- If you do not yet have Vigilance Respond in your Account, please contact your Sales representative.
- If Vigilance Respond is already configured at the Account level, you can provision sites following this guide: SentinelOne: Self-provisioning Sites with Vigilance
- You must have a set of escalation contacts defined for your Account. If the escalation contacts are not defined, the service does not work.
How to
To configure Vigilance for an Account
- Log in to the SentinelOne Management Console and in the Settings toolbar, click Accounts.
- Choose Incidents, then Threat Services and finally Overview.
- Click Configure Vigilance Respond.
- In Escalation Contacts, click Change Configuration.
Note: Escalation Contacts are required for the generation of an Account for the SentinelOne Support portal. - Enter the escalation contacts. These are the names and email addresses of escalation contacts whom the Vigilance team can contact when necessary.
- Click Save Changes.
The Overview page shows Vigilance Respond is configured.
Optional: You can override the default Response Policy in the Global or Account scope. Go to Incidents > Vigilance > Response Policy.
Click Change Configuration.
Select the allowed actions for true positive detections.
Select the allowed actions for false positive detections.
To prevent users from changing the Response Policy, deselect Allow lower scopes to alter response policy.
Click Save changes.