drop sentinelone deep visibility export · parse process + network events · runs locally
deep visibility · process tree · network events · local export only
heuristic screener · vendor schema varies · not definitive proof