ADVANCE NOTICE:  EDR “Queensland” SP3 Pre-Release Announcement

We are pleased to announce that on Wednesday February 16th Endpoint Detection and Response (EDR) will be updated to SentinelOne’s “Queensland SP3” release. This release delivers significant enhancements to the management console.

Excited to share some of the highlights below and please be sure to read the full Release Notes and supporting documentation available here:

Queensland SP3 includes:

Improved Usability in the Endpoint Actions

Starting in Queensland users will find improved usability when working with Endpoint Actions with the addition of Sub – Menus, Recently Used and Favorites.

  • Favorites – Hold the cursor on an action and click the star to show it at the top of the Actions menu.
  • Recently Used – A sub-menu of actions that you Recently Used shows at the top of the list for easy access.
  • Sub-menus – The menu is divided into sub-menus for easier navigation.

Pin Columns

The ability to Pin Left columns has been added to all tables in the Management Console, you can pin columns to the side of the table allowing them to remain visible while scrolling horizontally across the table. Use this for easier viewing and to compare data.

Click the ellipse in the column header to select Pin Left

Improved Endpoint Details

The Last active field in the Endpoint Details now shows the actual time that the endpoint last reported to the Management Console, in addition to how many days, hours or minutes ago it was active.

New View Options in the Threats Page

In Management Console versions the Incidents > Threats view was always organized by hash. Threats with the same hash were grouped together in one line. You can now choose if the threats are grouped by their hash or if each threat shows in its own row. When each threat shows in its own row, you can sort the table by reported time or by a different value.

Threats grouped by hash:

Threats NOT grouped by hash:

CSV Tasks Export (Standalone Only)

In Automation > Tasks, you can now Export tasks and their details to a CSV file. The tasks export based on the current filter. The Export option is available when the page is in Single View.

Copy Users (Standalone Only)

Easily create a new user with the role and access level of an existing user. For example, when a new employee starts, copy the site access and permissions from a different user and then make changes as needed.

Control Dynamic Group Ranking (Standalone Only)

When you create a new Dynamic Group, it automatically goes to the bottom of the Group Ranking list. This prevents Agents from being added to the new Group unintentionally. You can move the Group to the position that you choose in the Group Ranking page.

Wildcard Support

You can now use the asterisk * wildcard to represent one or more characters in searches throughout the Management Console. This includes Endpoints, Threats, Exclusions, Blacklist items, Packages, Tasks, and more.

Example 1: You can use the wildcard to create dynamic groups based on endpoint names in Sentinels > Endpoints. For example, if you use a naming convention for your endpoints of <type>_<name>_ <location>, such as SRV_1234_CA, you can filter for SRV_*_ CA to find all servers in California. Then create a dynamic group based on the filter that will automatically contain all endpoints that start with SRV and end with CA.

Example 2: In Incidents > Threats, use the wildcard to filter for threats that were found in a similar file path, such as */users/*/docs/tmp.

Exclusion Updates

Exclusion Catalogue Updates

 There are now new additions to the Exclusion Catalogue starting with new exclusions for N-able Backup, as well as Hyper-V. You can also expect to see updated exclusion paths for:

  • Citrix
  • FireEye Endpoint Security Agent
  • Acronis

The console update release is scheduled for completion within an eight-hour maintenance window and will begin on Wednesday February 16th , at 10 am IDT / 9 am UTC +2/ 3 am EDT.  A few important things to note during this time:

  • All endpoints will continue to be protected.
  • EDR management console login and API access may be unavailable.

We are excited to provide these new features to customers, as well as evangelize them with prospects. One final reminder don’t forget to check out the full Release Notes at

As always, feedback is welcome on the release.

This entry was posted in N-central. Bookmark the permalink.