We are pleased to let you know that coming Monday April 8th, N-able EDR users will have available RemoteOps.

RemoteOps is a billable Add-on available for your sites using the EDR Complete License providing the advanced capabilities to remotely investigate threats across multiple endpoints and remotely manage your entire fleet. With RemoteOps Incident Responders can remotely investigate, mitigate, and respond to threats by running built-in or custom uploaded scripts directly from their EDR console. You can execute prebuilt scripts for data collection, perform actions, collect forensic artifacts. If the Script Library does not have the required script, you have the full capability to create and upload your own scripts to the Management Console.

These capabilities will be available for Standalone EDR and our new Enhanced Integrated version.

RemoteOps Benefits:

• Remotely investigate threats on multiple endpoints across a whole organization.
• Easily collect forensic artifacts in real time for deeper investigation.
• Accelerate triage and response with a built-in library of scripts.
• Evaluate critical security defenses to identify potential security compromises before an incident occurs.

RemoteOps Features:

• Run Built-in Action & Artifact Collection Scripts in addition to Data Collection Scripts
• Auto-Trigger on Incidents
• Upload and Run Custom Scripts.
• Execute Scripts directly from the SentinelOne console or via command-line interface.
• Investigate and analyze results at scale in within Deep Visibility.

RemoteOps can be enabled within the Sites Configuration screen by selecting the checkbox option Remote Script Orchestration (previously known as RSO). Once enabled RemoteOps will be available for all devices within the enabled Site.

Once enabled direct to the Automation Section within the Management Console to view RemoteOps. The Script Library gives you a wide range of scripts to collect various forensic artifacts, parse them, and show them in formats that are easy to analyze. Use the scripts to collect information such as hardware and software inventory and configuration, running applications and processes, files and directories, network connections, and more.

Scripts available include but not limited to:

• Action Scripts: Disable User, Change Local Password, Terminate/Start Processes, Download Files
• Data Collection: Process List, Get Environment Variables, Get Event Log, Get Services, Firewall Rules
• Artifact Collection: Forensic File Fetch (Windows/MacOs/Linux)

RemoteOps includes a Script Library from SentinelOne with scripts for all platforms, Powershell for Windows, and bash scripts for Linux and macOS.

Select and click on Script name to view the full details.

Easily Create and Edit scripts setting execution timeouts, add input instructions and output destination as required.

Roles allows you to set granular permissions for RemoteOps with a wide variety of options. Review the full Release Notes in N-able Me to view the full permissions required for RemoteOps usage.

Scripts can be run from various method:

• Directly from the Script Library, click play to run a script. When you run a script from this location it will run on all endpoint in your scope with the script’s defined OS.

• From an endpoint, In Endpoints, select one or more endpoints. Click Action and select Run Script.

• From the Forensic details: Click Action > Run Script.

RemoteOps also comes with Guardrails to prevent users from running unnecessary scripts, or from running scripts on more endpoints than is required. You can use guardrails to prevent a script being run on sensitive Scopes (Accounts, Sites, and Groups) without confirmation.

A script that matches the conditions of a guardrail cannot be run unless permission is given by the Admin, or a user with the necessary role permissions.

Define Approval Thresholds, requiring permission be granted before exceeding Quantity thresholds.

Password protect script execution.

Predefine RemoteOp Script limits within your Sentinels Policy settings.

To view the progress of a script direct to Automation > Task Management. You can see tasks in Bulk View, combined for all endpoints or Single View with the details for each task.

You can also see a list of tasks sent to a specific endpoint in the Tasks tab of the Endpoint Details.

Track RemoteOps Activities within the Activity section using Operations Filter to review:

• Script Guardrails Enabled: RemoteOps Approval Thresholds was enabled.
• Script Guardrails Disabled: RemoteOps Approval Thresholds was disabled.
• Script Guardrails Edited: RemoteOps Approval Thresholds configuration changed.
• Script Execution Sent For Approval: A RemoteOps script that meets the Approval Threshold criteria was added to the list of Pending Requests.
• Script Execution Approved: A RemoteOps script that meets the Approval Threshold criteria was approved to run.
• Operations: New Script Created/ Script Deleted/ Script Edited
• Script Execution Approved/ Command Sent/ Sent for Approval
• Remote Ops: Password Created & Password Deleted

You will also want to check out in Marketplace > RemoteOps Auto Response

RemoteOps Auto Response can be configured to respond to alerts and threats with RemoteOps scripts. You can configure automatic Data Collection, Artifact Collection, and Actions on the suspected or infected endpoint. This app lets you run RemoteOps to enrich data with incident information and to extend mitigation.

Trigger a script to run automatically from a defined trigger:

• All Threats (warning)
• All Malicious Threats
• Threats created by Users using ‘Mark as Threat’
• Threat is marked as ‘True Positive’

Combine with STAR (Custom Rules):

• Collect Browser artifacts.
• Pull open processes.
• See open Network Connections.
• Output for further analysis.

To learn more about RemoteOps pricing please reach out to your Partner Success Manager

Be sure to read the full details for RemoteOps including the provided Best Practices at N-able Me  and watch for our new RemoteOps course coming soon to N-able U.

For a Quick Video on How to Activate RemoteOps: https://www.youtube.com/watch?v=H_wUt3yzzq4