We are pleased to announce that on Wednesday, May 17th, Endpoint Detection and Response (EDR) will be updated to SentinelOne’s “Venice SP5”. This release delivers significant enhancements to the management console.
We are excited to share some of the highlights below. Please be sure to read the full Release Notes and supporting documentation, available here: https://success.n-able.com/edr-documentation/
“Venice” SP5 Includes:
XDR Actions and Enrichments for Threats (Standalone only)
Use applications in the Singularity™ Marketplace together with your SentinelOne Management Console to enrich data about threats and run XDR Actions on threats. For example, block a user in Okta directly from the threat Forensics page.
Examples of Marketplace Applications supported for XDR threat actions and enrichment are Okta, Mimecast, and Zscaler.
- When the Management Console detects a threat, it checks whether any applications in Marketplace have more information, also called enrichments, about the infected endpoint, the logged-in user, the hash, or other threat details. You can see the available response actions from different Apps in Marketplace and select which actions to run.
- In the Overview of the threat, a new XDR tab shows next to Threat Indicators and Notes. See all enrichments and actions available from XDR Apps. If an XDR action was run already, the results also show in the XDR tab.
To run an XDR action on a threat, click Actions > XDR Response Actions.
To learn more about Marketplace applications, actions, and responses, check out the full Release Notes at https://success.n-able.com/edr-documentation/
Updates to the Exclusion Catalog
Note: Exclusions that exist in your environment are NOT updated dynamically with these changes. The following changes are now in place:
- Added exclusions for Nuabee Backup.
- Updated exclusions for Trend Micro.
- The macOS exclusions for JAMF were updated to be more effective. They are now Certificate exclusions.
- Note that a Certificate exclusion on macOS is a performance focus exclusion. It disables monitoring of the excluded processes, in addition to suppressing alerts.
Improved Management of Exclusions created from the Exclusion Catalog
New columns are available in Exclusions letting you easily find which application exclusions are relevant in your environment:
- Application Name shows the name of an application if its exclusion was created from the Exclusion Catalog. Exclusions created manually show N/A.
- Inventory Listed shows if the application is found in the Application Inventory for at least one endpoint in the scope.
Import Exclusions and Blacklist Items with a CSV File
You can now use the Management Console or API to import exclusions and blacklist items in bulk, with a CSV file, to a specified scope.
In the import window, select the destination scope and the file to import. The exclusions or blacklist items are imported to the selected scope.
If some items do not import successfully, you can download the Validation Report to see why they did not import and to try to fix the issues.
After you import items, you can use the Imported – Yes filter on the Exclusions or Blacklist page to find imported items. Items that were not imported show No. You can also use the new Imported column in the Exclusions or Blacklist table to see which items were imported.
API Doc Search Improvement (Standalone Only)
The search in the API Doc menu is improved to find categories, and not only specific API requests.
The search for a string in the Body Schema or Response Schema of a specific API now works as expected.
Improvements in the User Role (RBAC) UI (Standalone Only)
The Role window is now clearer and easier to use.
Use one of the Search fields in the role window to find a Console page name or permission.
- The Role Name and Description show at the top of the window.
- When you create a role, the default state of permissions is NOT selected. In earlier versions, the default was selected. To use a different role as a template, Duplicate a role.
- Some names of Console pages were changed in the Role window.
To learn more about the RBAC changes, check out the full Release Notes at https://success.n-able.com/edr-documentation/
Improvements and Search in the Notifications UI (Standalone users only)
The Notification page is now divided into Settings, to select the activities and notification types, and Recipients, to enter email recipients. You can search in the notifications to find a specific activity.
The console update release is scheduled for completion within an eight-hour maintenance window and will begin on Wednesday, May 17th, at 10 am IDT / 9 am UTC+2 / 3 am EDT. A few important things to note during this time:
- All endpoints will continue to be protected.
- EDR management console login and API access may be unavailable.
One final reminder: do not forget to check out the full Release Notes at https://success.n-able.com/edr-documentation/
As always, feedback is welcome on the release.