Advance Notice: EDR “S-24.2.6” Console Update Sunday August 25

We are pleased to announce that on Sunday, Aug 25th, during SentinelOne’s regularly scheduled maintenance window, Endpoint Detection and Response (EDR) will be updated to SentinelOne’s “S-24.2.6” for the consoles detailed below. This release delivers significant enhancements to the management console.

We are excited to share some of the highlights below. Please be sure to read the full Release Notes and supporting documentation available on N-able Me.

New in Version

The Platform releases now follow the versioning convention S-YY.N.X.BB, where S is Singularity, YY is the year, N is the major version, X is the minor version, and BB is the build. For example, S-24.2.0.20 is a release in 2024: the major version is 2, the minor version is 0, and the build is 20. This replaces the alphabetical Management version and SPs.

“S-24.2.6” Includes:

Local Upgrade Authorization

Before you authorize local Windows Agent upgrades (or downgrades), you must first enable online authorization. Previously, you enabled online authorization by adding a Policy Override. Now, you can do this from the Console.

Turn ON the Local Upgrade/Downgrade: Online authorization toggle from the Agent settings on the Policy page.

The toggle is OFF by default. We recommend you enable this setting to ensure a secure upgrade (or downgrade) flow.

Sorting by creationTime Is Deprecated

Using creationTime to sort results is deprecated and should not be used. In the future, the ability to sort by creationTime will be completely removed. You can sort by uploadTime or updatedAt as an alternative.

Unified Alert Management Improvements

Unified Alert Management improvements now allow users to run bulk actions on up to 500 alerts. In addition to this change, users also get the following improvements:

  • You can select two new True Positive verdicts from the available Analyst Verdicts:
    • PUA/Adware – Potentially Unwanted Applications or Adware.
    • Exploitation tool – Software to exploit vulnerabilities in computer systems, networks, or applications.
  • You can now run RemoteOps actions on alerts from the Actions menu.
  • Also note that Add to Blocklist has now been moved to the Actions menu.

Updates to the Exclusion Catalog

New Exclusions have been added to the Exclusion Catalog for the following applications: Bromium HP, Malwarebytes, Fortinet, and Datadog.

Exclusions for these applications are updated: Varonis, Citrix, FireEye, Fortinet, and Veeam.

Please note that changes to the Exclusion Catalog are not automatically applied to existing exclusions. After an exclusion is added from the Catalog to your environment, that exclusion will not be updated dynamically from the Catalog in any way.

Granular Windows Agent Deployment Status Reporting

The console now gives full visibility into the Agent upgrade status when an Agent upgrade is triggered from the console (from either the Update Agent action or the Automatic Upgrade Policy). This also includes many new return codes (exit codes) and detailed status messages. This is especially useful if the Windows Agent fails to upgrade because it is pending a user action.

These improvements will be seen on endpoints installed with the Windows Agent 24.1 or later (yet to be released).

New Guardrails for Firewall Rules

When creating Firewall rules, new controls help make sure that rules are not too broad or too restrictive.

  • The default value for rule parameters is no longer All or Any. Instead, a message shows that a value for the field is required.
  • The setting, Enable rule immediately after saving, is not selected by default. If All or Any is selected for one or more parameters, you must confirm before you automatically enable the rule.
  • Save only becomes enabled when all fields have a valid value.

Marketplace Reorganization and Updates

To improve the organization and searchability of apps in the Singularity™ Marketplace, some category and capability names were changed. Some of the changes are:

  • In Categories:
    • The category Threat Intel changed to Threat Intelligence.
    • Ingestion was removed from category names. Applications will show Other instead of Ingestion.
    • Chat changed to Collaboration.
    • Cloud Logs changed to Cloud Security.
  • In Capabilities:
    • Ingestion changed to Log Ingestion.
    • Sandbox changed to Automation.
  • Some apps moved to different categories:
    • Zscaler is in the Network category.
    • WatchTower is in the Threat Intelligence category.
    • Snyk is in the Application Security category.
  • Microsoft applications are now listed more clearly:
    • Microsoft 365 contains: Microsoft 365 Log Ingestion and Microsoft 365 Monitor
    • Microsoft Defender contains: Microsoft Defender Alert Ingestion

And More…

  • Changes in RBAC permissions in the Groups Category
    • The Groups – Move To Group permission was added in the Groups permissions category. This permission is required to move endpoints between Groups. It adds more granularity and control to the Groups permissions. This permission was previously included in Groups – Edit.
  • New Correlation Entities added to STAR Correlation Rules (Device and Storyline). Users can now also create up to ten queries for each Correlation Rule.
  • Improvement for Exclusions that are Not Recommended
    • If the path for an exclusion is one of these system variables, it will show as Not Recommended and have a red exclamation point in the UI: %systemroot%, %ProgramFiles(x86)%, %ProgramFiles%, %SystemDrive%, %Windir%, %ProgramW6432%
    • If the path for an exclusion starts with one of these system variables but has more specific folders in the path, it will not show as Not Recommended. For example, %ProgramFiles%\foldername will not be marked as Not Recommended.
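
An added example, not SentinelOne or N-able code: a small audit that applies the Not Recommended rule described above to a constructed list of exclusion paths, so existing exclusions can be reviewed outside the console. Case-insensitive matching, tolerance for a trailing backslash, and the separate `review` verdict for wildcard-only remainders are assumptions of this sketch; the page does not say how the console treats them.

```python
import re

# The six system variables the release notes list as Not Recommended
# when one of them is the whole exclusion path (stored lower-case).
BROAD_VARIABLES = {
    "%systemroot%", "%programfiles(x86)%", "%programfiles%",
    "%systemdrive%", "%windir%", "%programw6432%",
}

# Leading %VARIABLE% followed by whatever remains of the path.
_VAR_PREFIX = re.compile(r"^(%[^%\\]+%)(.*)$")


def classify_exclusion(path: str) -> str:
    """Return 'not_recommended', 'review' or 'ok' for one exclusion path."""
    # Assumption: separators are unified and case is ignored before matching.
    normalised = path.strip().replace("/", "\\")
    match = _VAR_PREFIX.match(normalised)
    if not match or match.group(1).lower() not in BROAD_VARIABLES:
        return "ok"  # does not start with one of the listed variables
    remainder = match.group(2).strip("\\")
    if remainder == "":
        return "not_recommended"  # the bare variable, as the page describes
    # Assumption: a remainder made only of wildcards covers the same tree
    # as the bare variable, so it is reported for manual review.
    if all(segment.strip("*?") == "" for segment in remainder.split("\\")):
        return "review"
    return "ok"  # more specific folders follow the variable


def audit(exclusions):
    """Return (path, verdict) pairs for every entry that is not 'ok'."""
    return [(p, v) for p in exclusions if (v := classify_exclusion(p)) != "ok"]


# Constructed sample input, not taken from any real environment.
SAMPLE_EXCLUSIONS = [
    "%ProgramFiles%",
    "%ProgramFiles%\\foldername",
    "%SystemDrive%\\",
    "%windir%\\*",
    "C:\\Tools\\agent.exe",
]

if __name__ == "__main__":
    for path, verdict in audit(SAMPLE_EXCLUSIONS):
        print(f"{verdict:16} {path}")
```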

The console update release is scheduled for completion within an eight-hour maintenance window and will begin on Sunday, August 25th, at 10 am IDT / 9 am UTC+2 / 3 am EDT. A few important things to note:

Consoles scheduled for update include:

A few reminders:

  • Do not forget to check out the full Release Notes under EDR Documentation at N-able U.
  • Do not forget to check out the full suite of EDR Courses on N-able U, including our Deep Visibility and Ranger courses.
  • With EDR’s easy self-enablement, please be sure to view your license usage across Control, Complete Licenses and the Billable add-ons (Ranger and our latest RemoteOps).

As always, feedback is welcome on the release.
