ADVANCE NOTICE: EDR “Y” SP5 Release scheduled Sunday April 21st

We are pleased to announce that on Sunday April 21st, during SentinelOne’s regularly scheduled maintenance window, Endpoint Detection and Response (EDR) will be updated to SentinelOne’s “Y” SP5 for the consoles detailed below. This release delivers significant enhancements to the management console.

We are excited to share some of the highlights below. Please be sure to read the full Release Notes and supporting documentation available on N-able Me.

“Y” SP5 Includes:

Singularity Threat Intelligence Configuration Enhancements

Starting with the Y Console update you can exclude specific IoCs from being matched with the Threat Intelligence database, which will prevent a threat from being created for that specific IoC. You can also completely disable threat creation for all Mandiant IoCs.

These new API requests are available for Threat Intelligence:

  • Run Get Threat Intelligence User Config (GET /threat-intelligence/user-config) to see Threat Intelligence user configuration, including a list of IoCs excluded from Threat Intelligence Indicators and threat creation. You can also see if threat creation for Mandiant IoCs is disabled or not.
  • Run Create Threat Intelligence User Config (POST /threat-intelligence/user-config) to create Threat Intelligence user configuration, including an IoC exception list, and to disable threat creation for Mandiant IoCs.
  • Run Delete Threat Intelligence User Config (DELETE /threat-intelligence/user-config) to remove Threat Intelligence user configuration.

Be sure to check the Release Notes for full details.

Improved Security and Predictability for Console Session Timeout and Inactivity Timeout

The Session timeout and Inactivity timeout for the Management Console help to protect your environment from unauthorized access. Starting in Y, the behavior and valid values are updated.

  • New values for Session timeout from Management version: 15-60 minutes or 1-24 hours
    • Default for new Consoles: 24 hours
    • For existing Consoles:
      • If the existing value is higher than 24 hours, it will change to 24 hours when the environment is upgraded to Y.
      • If the existing value is lower than 24 hours, it will stay at that value.
  • New values for Inactivity timeout from Management version: 5-60 minutes
    • Default for new Consoles: 30 minutes
    • For existing Consoles:
      • If the existing value is higher than 60 minutes, it will change to 60 minutes when the environment is upgraded to Y.
      • If the existing value is lower than 60 minutes, it will stay at that value.

For more details, see Configuring Session and Inactivity Timeout and Management Console User Login and Session Security in the EDR Help on N-able Me.

More Protected Actions to Enhance the Security of your EDR Environment

In Version Y SP5, these actions will become protected actions that require re-authentication from the Console:

  • Uninstalling Agents
  • Approving Agent Uninstallation

New Security Recommendation for Protected Action Authentication with Your IDP

  • For improved security when using IDP authentication for protected actions in environments with SSO, there is a new security recommendation from Management version Y: Set the response that the Console gets from your IDP to be signed. In an upcoming release this will be required to let users run protected actions. We recommend that you change this in your IDP configuration as soon as possible.

Application Management Integration With Jira

Improve your workflows for patching applications with the new integration of Jira and Application Management in the Management Console. Create Jira tickets for applications and endpoints that require patching based on vulnerabilities found by Ranger Insights, and see the progress of the tickets in the Management Console. This requires Ranger Insights and the Singularity Marketplace Jira application.

The Console API is Now Available as a Swagger File

You can now download the SentinelOne Management API as a Swagger (JSON) file from the Management Console. Use the JSON file with a variety of languages and tools to create integrations with your Management Console. This replaces the Management SDK that was available from the Management Console. The Management SDK worked only with Python.

To download the JSON file:

  1. In the Management Console, click Help and select API Doc. The API Doc opens in a new tab.
  2. At the top of the API Doc, click Download API Swagger File.

Removal of the Requires Patching Application Filter

The feature that detects applications that require patching is being updated to utilize the capabilities of the new Application Management feature. As a result, the current Requires Patching widget in the Dashboard, Vulnerability Status – Requires Patching filter in the Endpoints page, and the Patch_required option in the appsVulnerabilityStatuses parameter of the Get Agents API are removed in this Management version.
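One way to use the downloaded Swagger file to find integration calls affected by this removal, as an added example (not N-able or SentinelOne code). The embedded spec fragment and the list of integration calls are constructed; the `/agents` path, the parameter layout and the `up_to_date` value are assumptions standing in for the real file.

```python
import json

# Constructed Swagger 2.0 fragment standing in for the downloaded file.
# The /agents path, parameter layout and "up_to_date" value are assumptions.
SAMPLE_SWAGGER = json.loads("""
{"swagger": "2.0", "paths": {
  "/agents": {"get": {"parameters": [
    {"name": "appsVulnerabilityStatuses", "in": "query", "type": "array",
     "items": {"type": "string", "enum": ["up_to_date"]}}]}},
  "/threat-intelligence/user-config": {"get": {}, "post": {}, "delete": {}}
}}
""")

# Constructed list of calls a hypothetical integration makes:
# (HTTP method, path, query parameter or None, value sent or None).
INTEGRATION_CALLS = [
    ("GET", "/agents", "appsVulnerabilityStatuses", "Patch_required"),
    ("GET", "/threat-intelligence/user-config", None, None),
]

def find_operation(spec, method, path):
    """Return the operation object for method+path, or None if not in the spec."""
    return spec.get("paths", {}).get(path, {}).get(method.lower())

def check_calls(spec, calls):
    """Return a list of problems; an empty list means every call matches the spec."""
    problems = []
    for method, path, param, value in calls:
        op = find_operation(spec, method, path)
        if op is None:
            problems.append(f"{method} {path}: operation not in spec")
            continue
        if param is None:
            continue
        decl = next((p for p in op.get("parameters", [])
                     if p.get("name") == param), None)
        if decl is None:
            problems.append(f"{method} {path}: parameter {param} not in spec")
            continue
        # Array parameters carry their enum under "items"; no enum means unrestricted.
        enum = decl.get("items", decl).get("enum", [])
        if enum and value.lower() not in (v.lower() for v in enum):
            problems.append(f"{method} {path}: {param}={value} no longer accepted")
    return problems

if __name__ == "__main__":
    for line in check_calls(SAMPLE_SWAGGER, INTEGRATION_CALLS):
        print(line)
```

Load the real file with `json.load` in place of `SAMPLE_SWAGGER` and list the calls your own scripts make.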

The console update release is scheduled for completion within an eight-hour maintenance window and will begin on Sunday April 21st, at 10 am IDT / 9 am UTC +2 / 3 am EDT. A few important things to note during this time:

  • All endpoints will continue to be protected.
  • EDR management console login and API access may be unavailable.

Consoles scheduled for update include:

A few reminders:

  • Do not forget to check out the full Release Notes under EDR Documentation at N-able U.
  • Do not forget to check out the full suite of EDR Courses on N-able U, including our new Deep Visibility and Ranger courses.
  • With EDR’s easy self-enablement, please be sure to view your license usage across Control, Complete Licenses and the billable add-ons (Ranger and our latest, RemoteOps).

As always, feedback is welcome on the release.
