ADVANCE NOTICE:  EDR “Rio” SP4 Release Announcement

We are pleased to announce that on Wednesday May 25th Endpoint Detection and Response (EDR) will be updated to SentinelOne’s “Rio SP4” release. This release delivers significant enhancements to the management console. Excited to share some of the highlights below and please be sure to read the full Release Notes and supporting documentation available here:

Rio SP4 includes:

Endpoint Tags

Use Endpoint Tags as custom labels on endpoints. Each Tag has a key and value. Tags are easy to see, use tags to search and filter, to create dynamic groups, and much more.

To create tags and use the new Tags page you will need to add Tag Management permissions for the activities needed: View, Edit, Delete and Create. To manage tags on endpoints users must have the Endpoint – Manage Endpoint Tags permission.

See the tags in your environment, the scopes in which they are available and who updated them and when.

In Sentinels > Endpoints:

The Endpoint Tags column shows the tags assigned to each endpoint. Expand the column to see more tags. New Users see the Endpoint Tags column by default. Existing users must click Columns and select Endpoint Tags to add the column to their view.

Check out the full release notes to learn more about Tags

Export Endpoint Information at Scale

Starting in Rio users can now export the details for more endpoints at one time. With two new export options users can chose between a Light report and Full report.

  • The Light report contains the most endpoint details. Use this to export details for up to 300,000 endpoints at one time.
  • The Full report contains the contents of the Light report plus network information, locations and more. Use this export for up to 50,000 endpoints at one time.

Resolve Bulk Threats Successfully from the Management Console

You can now resolve and change the status of up to 5,000 threats at one time from the Threats page of the Management Console. This works even if more than 5,000 threats are selected. The action will run on the first 5,000 threats and can easily be repeated until the action runs successfully on all threats.

Dark Mode in the Management Console (Standalone only)

Dark Mode gives the console a new look that is easier to see in low-light environments.

Easily turn on dark mode in your My User > Options > Switch to Dark Mode

Improved Onboarding for SSO Users (Standalone only)

New users that are created in a scope with SSO will now receive an email with instructions to log in to the Management Console with SSO. This happens if SSO is configured for the scope or a parent scope, and the user’s email address matches the configured SSO domain.

Marketplace (Standalone only)

SentinelOne Singularity Marketplace brings in an API-driven ecosystem of bite-sized, one click applications for unified prevention, detection, and response data and actions across attack surfaces with a few simple clicks. A one-stop-shop allowing you to browse and deploy joint technology solutions from a wide variety of categories such as Attack Simulation, Threat Intelligence, and much more..

SentinelOne’s Marketplace reduces the complexity of managing multiple solutions with one-click integrations that eliminate the need for massive time investments in logic, coding and configuration. Simply browse through the various categories, select your application integration of interest, click “Install Now” and follow the integration configuration and activation steps.

Each integration extends your EDR solution across your IT stack and enhances threats seen in the Management Console with notes and activity log entries helping you to quickly navigate the best course of action to remediation.

Check out the full release notes to learn more about Marketplace

We would also like to announce our EDR documentation available in Success Center now includes SentinelOne’s Knowledge base articles (KBs).

The console update release is scheduled for completion within an eight-hour maintenance window and will begin on Wednesday May 25th , at 10 am IDT / 9 am UTC +2/ 3 am EDT.  A few important things to note during this time:

  • All endpoints will continue to be protected.
  • EDR management console login and API access may be unavailable.

One final reminder don’t forget to check out the full Release Notes at

As always, feedback is welcome on the release.

This entry was posted in N-central. Bookmark the permalink.