Overview
The Addigy Security Suite, powered by SentinelOne, integrates incident response and threat management for Apple device environments into the Addigy console. This guide explains how to track, review, and respond to security incidents detected by SentinelOne using Addigy's unified dashboards.
Tracking Security Incidents - Step by Step Guide
When SentinelOne detects a threat or suspicious activity, these incidents automatically appear in the Addigy dashboard for quick review and action.
1. Accessing Incident Reports
- Navigate to Dashboards > Threats & CVEs > Threats Tab in the Addigy admin console.
- Here, all active and historical threat incidents detected by SentinelOne are listed for managed devices.
2. Reviewing Incidents
- Scan the list for incidents marked as Not Mitigated or any reports requiring attention.
- For each entry, you can:
  - Click View Details to open an in-depth incident summary.
  - Choose View in SentinelOne for further investigation or advanced response actions.
  - Select View Device Details in GoLive to get contextual information about the affected device.
3. Understanding Threat Details
- The View Details option provides detailed information about the detected threat, including:
  - File Hash
  - File Path
  - Threat Classification
  - Current Status (e.g., mitigated/not mitigated)
  - Analyst Verdict (the analyst's determination of whether the detection is a genuine threat, for example true positive or false positive)
4. Taking Remediation Actions
- If further action is required, you can act directly from the Addigy console, or use the View in SentinelOne button to open SentinelOne's management console and initiate remediation tasks such as isolating the device or quarantining or deleting malicious files.
Actions can be taken manually or, for accounts with managed detection and response (MDR) or threat hunting services, coordinated by expert teams.
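The steps above are a console workflow, but the fields shown in View Details (File Path, File Hash, Status, Classification, Analyst Verdict) are also what an analyst uses to confirm that the artifact still on a device is the one the incident refers to before quarantining or deleting it. The script below is an added example, not Addigy or SentinelOne code and not their export or API format: it takes incident records with assumed field names mirroring the View Details fields, keeps only the ones not marked Mitigated (step 2), and re-hashes the file at the recorded path on the local machine to report whether it matches, has changed, or is already gone. The digest-length rule (40 hex characters treated as SHA-1, 64 as SHA-256) and the sample records and payloads are constructed for the example.

```python
import hashlib
import os
import tempfile

# Constructed sample file contents. The record hashes below are derived from these
# bytes so the example verifies offline; they are not real threat indicators.
GOOD_PAYLOAD = b"constructed sample artifact A\n"
OTHER_PAYLOAD = b"constructed sample artifact B\n"


def hash_algorithm_for(digest: str):
    """Assumption for this example: 40 hex chars is SHA-1, 64 hex chars is SHA-256."""
    return {40: "sha1", 64: "sha256"}.get(len(digest.strip()))


def hash_file(path: str, algorithm: str) -> str:
    """Stream the file through the chosen digest so large binaries are not read at once."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def needs_attention(incident: dict) -> bool:
    """Step 2: anything whose status is not explicitly 'Mitigated' goes on the review list."""
    return incident["status"].strip().lower() != "mitigated"


def verify_artifact(incident: dict) -> str:
    """Compare the console's File Hash against what is actually on disk at File Path.

    Returns 'match', 'mismatch', 'missing' (already removed/quarantined or stale path),
    or 'unrecognised-hash' when the digest length fits neither assumed algorithm.
    """
    algorithm = hash_algorithm_for(incident["file_hash"])
    if algorithm is None:
        return "unrecognised-hash"
    if not os.path.isfile(incident["file_path"]):
        return "missing"
    local = hash_file(incident["file_path"], algorithm)
    return "match" if local.lower() == incident["file_hash"].strip().lower() else "mismatch"


def triage(incidents):
    """Return (device, file_path, classification, analyst_verdict, result) for unmitigated incidents."""
    report = []
    for inc in incidents:
        if not needs_attention(inc):
            continue
        report.append((inc["device"], inc["file_path"], inc["classification"],
                       inc["analyst_verdict"], verify_artifact(inc)))
    return report


def build_fixture_incidents(root: str):
    """Constructed records with assumed field names; writes two sample files under root."""
    present = os.path.join(root, "present.bin")
    changed = os.path.join(root, "changed.bin")
    with open(present, "wb") as fh:
        fh.write(GOOD_PAYLOAD)
    with open(changed, "wb") as fh:
        fh.write(OTHER_PAYLOAD)  # on-disk content differs from the recorded hash
    return [
        {"device": "mac-001", "file_path": present,
         "file_hash": hashlib.sha256(GOOD_PAYLOAD).hexdigest(),
         "classification": "Malware", "status": "Not Mitigated", "analyst_verdict": "True positive"},
        {"device": "mac-002", "file_path": changed,
         "file_hash": hashlib.sha1(GOOD_PAYLOAD).hexdigest(),
         "classification": "PUA", "status": "Not Mitigated", "analyst_verdict": "Suspicious"},
        {"device": "mac-003", "file_path": os.path.join(root, "gone.bin"),
         "file_hash": hashlib.sha256(GOOD_PAYLOAD).hexdigest(),
         "classification": "Malware", "status": "Not Mitigated", "analyst_verdict": "Undefined"},
        {"device": "mac-004", "file_path": present,
         "file_hash": hashlib.sha256(GOOD_PAYLOAD).hexdigest(),
         "classification": "Malware", "status": "Mitigated", "analyst_verdict": "True positive"},
    ]


def run_demo():
    """Build the fixtures in a temporary directory and return the triage report."""
    with tempfile.TemporaryDirectory() as root:
        return triage(build_fixture_incidents(root))


if __name__ == "__main__":
    for device, path, classification, verdict, result in run_demo():
        print(f"{device}: {classification} / {verdict} -> {result} ({path})")
```

A "mismatch" or "missing" result is the interesting case: it means the file at the recorded path is no longer the artifact SentinelOne flagged, so deleting by path from the console would act on the wrong object, and the incident should be re-examined via View in SentinelOne before any remediation is initiated.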
Summary
Addigy Security Suite brings centralized incident response and threat remediation to your Apple device environment. With streamlined dashboards and actionable alerts, organizations can review and remediate SentinelOne detections from one console, using automated and manual response workflows as needed.