ADVANCE NOTICE:  EDR “S” SP5 Release

We are pleased to announce that on Wednesday September 7th, Endpoint Detection and Response (EDR) will be updated to SentinelOne’s “S” SP5. This release delivers significant enhancements to the management console.

Some of the highlights are shared below. Please be sure to read the full Release Notes and supporting documentation available here: https://success.n-able.com/edr-documentation/

“S” SP5 includes:

More Control with Groups – Pinned Groups

From this version, the Group types for endpoints are different and improved to give you more control.

Pinned Groups – New in this release!

Select the endpoints that go in this Group. Endpoints are pinned to this Group and do NOT automatically move to other Groups.

Use this when: You want endpoints to have a specific policy and NOT to move to a Dynamic Group automatically. You can move endpoints from Dynamic Groups to Pinned Groups. You can assign endpoints to a Pinned Group on Agent installation with a Group Token.

Manual Groups – Static Groups are now called Manual Groups

Select the endpoints that go in this Group. Endpoints move automatically from this Group to a Dynamic Group if they match a Dynamic Group filter.

Use this when: You want endpoints to move to a Dynamic Group if they match a Dynamic Group filter. You can assign endpoints to a Manual Group on Agent installation with a Group Token. Use a Pinned Group instead if you want to make sure that endpoints stay in a Group.

Dynamic Groups – Dynamic Groups did not change in this release, but now you can use Pinned Groups instead of Dynamic Groups when that behavior is preferred.

Create an endpoint filter for a Dynamic Group. All endpoints that match the filter automatically move to this Group, except for endpoints in Pinned Groups. Set the priority for each Dynamic Group in Sentinels > Group Ranking. If an endpoint matches the filter for more than one Dynamic Group, it goes to the Group that has the highest ranking.

Use this when: You want to apply a specific policy based on the current endpoint attributes. The endpoint can move automatically between Dynamic Groups, or back to the Default Group if the Dynamic Group is deleted or no other Dynamic Group fits the endpoint. You can move endpoints from Dynamic Groups to Pinned Groups.
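The Group rules above can be modelled to preview which endpoints would change Group, and therefore policy, before a Dynamic Group filter goes live. This is an added example, not SentinelOne or N-able code; the field names, the filters written as Python predicates and the convention that rank 1 is the highest ranking are assumptions.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass
class Group:
    name: str
    kind: str                  # "pinned", "manual", "dynamic" or "default"
    rank: int = 0              # dynamic only; assumption: 1 is the highest ranking
    matches: Callable[[dict], bool] = lambda ep: False  # dynamic only: the filter

def resolve_group(endpoint: dict, current: Group, groups: list) -> str:
    """Name of the Group the endpoint ends up in under the rules described above."""
    if current.kind == "pinned":
        return current.name            # pinned endpoints never move automatically
    hits = [g for g in groups if g.kind == "dynamic" and g.matches(endpoint)]
    if hits:
        return min(hits, key=lambda g: g.rank).name   # highest ranking wins
    if current.kind == "manual":
        return current.name            # no filter matched: stays where it was put
    return "Default Group"             # no Dynamic Group fits the endpoint

def planned_moves(inventory: list, groups: list) -> list:
    """(endpoint, from, to) for every endpoint whose Group, and so policy, changes."""
    by_name = {g.name: g for g in groups}
    moves = []
    for ep in inventory:
        target = resolve_group(ep, by_name[ep["group"]], groups)
        if target != ep["group"]:
            moves.append((ep["name"], ep["group"], target))
    return moves

# Constructed sample data: group names, filters and endpoints are illustrative.
GROUPS = [
    Group("Default Group", "default"),
    Group("Finance", "pinned"),
    Group("Staging", "manual"),
    Group("Servers", "dynamic", 1, lambda ep: ep["os"].startswith("Windows Server")),
    Group("Windows", "dynamic", 2, lambda ep: ep["os"].startswith("Windows")),
]
INVENTORY = [
    {"name": "fin-01", "os": "Windows 11", "group": "Finance"},
    {"name": "stg-01", "os": "Windows Server 2019", "group": "Staging"},
    {"name": "stg-02", "os": "macOS 12", "group": "Staging"},
    {"name": "lnx-01", "os": "Ubuntu 20.04", "group": "Windows"},
]

if __name__ == "__main__":
    for name, src, dst in planned_moves(INVENTORY, GROUPS):
        print(f"{name}: {src} -> {dst}")
```

Endpoints that appear in the output but must keep their current policy are the candidates for a Pinned Group.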

Ability to give Scope Access to a User from a Different Scope (Standalone Only)

A Site user can add an existing Site user to their scope.

For example:

UserX is a Site admin for Site1, Site2, and Site3. UserY is a Site admin for Site4. UserX can give UserY access to any of UserX’s Sites.

To add the user to the new scope, go to Settings > Users, and click Actions > Add New User. You enter the existing user’s email address and select their new scope.

Notifications for Account and Site Operations (Standalone Only)

From this version, you can set email and syslog notifications for Account and Site Operations in Settings > Notifications > Operations.

New Endpoint Filter by CSV

Easily filter the endpoints in your environment for many endpoint names by uploading a CSV file that contains all the values.

For example, an IT team exports a list of endpoints from the Console or from an external tool. These endpoints require a specific action. A SentinelOne admin uploads the list in Sentinels > Endpoints and the endpoints in the environment are filtered based on the list. Then the admin can run actions on the filtered endpoints.

You can combine the Endpoint Name CSV filter with other filters. For example, select the Decommissioned filter also to show all endpoints that match the CSV file, including decommissioned endpoints.

Endpoint Serial Number in the Management Console

The Serial Number of each Windows and macOS endpoint with Agent version 22.2+ now shows in the Sentinels > Endpoints window and in the Endpoint Details window. It is also included when you Export to a CSV file. Easily use the Free Text Search in filters to search for endpoints by Serial Number.

Also note: new users see the Serial Number column by default. Existing users must click Columns and select Serial Number to add the column to their view. Drag the column to the position in the table that you choose. In Windows, Serial Number is the SMBIOS serial number set by the system manufacturer in the system firmware. In macOS, it is the Serial Number shown in About This Mac.

Reset Your Own Password (Standalone Only)

Management Console users who authenticate with 2FA can now reset their own login password if they forget it.

Click Forgot your password? in the login window to start the process.

  • For security reasons, self-reset password is only available for users who authenticate with Two-Factor Authentication. In the password reset process you must access the email address that you use to log in to the Console and enter your 2FA authentication code from your existing 2FA configuration on your personal device.
  • Users get an email with instructions to reset their password.
  • If users get locked out of the Console because they entered the wrong password three times, they can reset their password with this process and get unlocked.
  • Each time a user’s password is changed, by their own initiation or by a different user, the user gets a notification email and an activity shows in the Activity Log in the Console.

Advanced Filters by Endpoint Tags

In the endpoint filters, you can now use filter conditions when you search for endpoint tags. You can use this to help you find endpoints that are missing tags needed for your workflows and to do operations on endpoints with specific tags.

Use these conditions for endpoint tags:

  • Has Tag – Endpoints that have a specific tag.
  • Does Not have Tag – Endpoints that do not have a specific tag.
  • Has Any Tag – Endpoints that have endpoint tags applied to them.
  • Has No Tags – Endpoints that have no endpoint tags applied to them.

Updated Exclusion Catalog with macOS Exclusions

The Exclusion Catalog now contains exclusions for macOS applications, in addition to the existing Windows applications. Use this tool to add exclusions for macOS applications in your environment only if you experience interoperability or performance issues when the application runs with the SentinelOne Agent. The exclusion recommendations are based on field experience and recommendations from vendors.

This release focuses on exclusions for performance issues with software development tools. Exclusions for these applications are in the Catalog: Git, GitHub Desktop, XCode, ccache, Visual Studio Code, JetBrains, JAMF, Homebrew, Python, PyCharm, Gradle, and Android SDK.

Note that SentinelOne will not be able to protect endpoints from exploits directed at the application vulnerabilities when you have these exclusions deployed.

Improved Site Management (Standalone only)

Make changes on multiple Sites with one action. For example, change the expiration date of multiple Sites that are close to expiration.

Add a Description for each Site. The description shows in the Sites and Site Info pages. It helps you identify the Site and lets you keep custom notes.

Improved Site Info pages

Firewall Control and Network Quarantine Improvement

Wildcards are now supported in the Application path for rules on Windows. For example, you can use a wildcard for the user’s directory in the application path:

C:\Users\*\AppData\Local\Microsoft\Teams\current\Teams.exe

Wildcards in the Application path are supported with Windows Agents from version 22.1. Agents of earlier versions or non-Windows Agents will ignore rules that contain a wildcard in the application path.
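Because older and non-Windows Agents ignore wildcard rules rather than reject them, a rule can look deployed while not being enforced on part of the fleet. The check below, an added example and not SentinelOne or N-able code, lists the endpoints that would ignore each wildcard rule; the dictionary field names and the sample inventory are assumptions.

```python
MIN_WILDCARD_AGENT = (22, 1)   # from the note above: Windows Agents from version 22.1

def agent_version(text: str) -> tuple:
    """Parse '22.1.4.10010' into (22, 1, 4, 10010); stop at the first non-numeric part."""
    parts = []
    for piece in text.strip().split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)

def honors_wildcards(endpoint: dict) -> bool:
    """True only for Windows Agents at or above the minimum version."""
    return (endpoint["os"] == "windows"
            and agent_version(endpoint["agent"]) >= MIN_WILDCARD_AGENT)

def ignored_rules(rules: list, endpoints: list) -> dict:
    """Map rule name -> endpoints that will ignore it because its path has a wildcard."""
    gaps = {}
    for rule in rules:
        if "*" not in rule["application_path"]:
            continue                       # no wildcard: evaluated by every Agent
        skipped = [e["name"] for e in endpoints if not honors_wildcards(e)]
        if skipped:
            gaps[rule["name"]] = skipped
    return gaps

# Constructed sample data: rule names, endpoints and versions are illustrative.
RULES = [
    {"name": "Allow Teams",
     "application_path": r"C:\Users\*\AppData\Local\Microsoft\Teams\current\Teams.exe"},
    {"name": "Allow Edge",
     "application_path": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"},
]
ENDPOINTS = [
    {"name": "ws-01", "os": "windows", "agent": "22.1.4.10010"},
    {"name": "ws-02", "os": "windows", "agent": "21.7.5.1080"},
    {"name": "mac-01", "os": "macos", "agent": "22.2.1.6000"},
]

if __name__ == "__main__":
    for rule, names in ignored_rules(RULES, ENDPOINTS).items():
        print(f"{rule}: ignored by {', '.join(names)}")
```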

Improved API document (Standalone only)

Improved design of schema tabs for readability

Shows valid values for enum data types

We would also like to announce that N-able’s MSP Institute (available in our Partner Success Center) now includes a full Getting Started with EDR series, with videos covering a wide range of topics.

The console update release is scheduled for completion within an eight-hour maintenance window and will begin on Wednesday September 7th, at 10 am IDT / 9 am UTC+2 / 3 am EDT. A few important things to note during this time:

  • All endpoints will continue to be protected.
  • EDR management console login and API access may be unavailable.

One final reminder: do not forget to check out the full Release Notes at https://success.n-able.com/edr-documentation/

As always, feedback is welcome on the release.
