Pre-Deployment

Create Users in the Management Console

Create SentinelOne Management Console users to let your security team log in to the Management Console and manage endpoint security.

How to Create a New User in the SentinelOne Console

Note: To create users to manage or view your SentinelOne console, you must have Site Admin permissions.

  1. In the SentinelOne Management Console, select Settings in the left navigation pane.


  2. In the Settings view, click Users.
  3. Click New User. The New User window opens.
  4. Enter the user's Full Name and Email address.

Note: In this version of the console, users log in with their email address.

  5. Enter a Password for the user. Confirm Password in the next field.

Password Requirements

  • 10 character minimum
  • Passwords must contain three or more of these character types:
    • Capital letters
    • Lower-case letters
    • Numbers
    • Special characters
  • Passwords cannot contain spaces

  6. Select the Role or User Scope. You can select either Site Viewer or Site Admin.
    • Site Viewer: The user will have read-only privileges for the site.
    • Site Admin: The user will have administrative privileges for the site.
  7. Click Save.
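
To pre-check a candidate password against the requirements listed above before entering it in the New User window, a small validator can report exactly which rule fails. This is an added example, not SentinelOne or Continuum code; it assumes that "special characters" means ASCII punctuation, since the page does not list them.

```python
import string

MIN_LENGTH = 10
MIN_CLASSES = 3  # "three or more of these character types"

# Assumption: "special characters" means ASCII punctuation; the page gives no list.
CLASSES = {
    "capital letter": string.ascii_uppercase,
    "lower-case letter": string.ascii_lowercase,
    "number": string.digits,
    "special character": string.punctuation,
}

def password_violations(password):
    """Return the Password Requirements that `password` breaks ([] = acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if " " in password:
        problems.append("contains a space")
    present = [name for name, chars in CLASSES.items()
               if any(ch in chars for ch in password)]
    if len(present) < MIN_CLASSES:
        missing = [name for name in CLASSES if name not in present]
        problems.append(
            f"{len(present)} of 4 character types; add any "
            f"{MIN_CLASSES - len(present)} of: {', '.join(missing)}")
    return problems

# Constructed candidates, not real credentials.
SAMPLES = ["Blue-Harbor-2291", "Summer24!", "correct horse battery", "harborlights2291"]

if __name__ == "__main__":
    for candidate in SAMPLES:
        print(repr(candidate), "->", password_violations(candidate) or "ok")
```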


Integrate SMTP Servers

Configuring integration with your SMTP server enables the SentinelOne Management Server to send alerts to security personnel and stakeholders.

After you complete the SMTP integration, make sure to follow the instructions for configuring notifications in the next section.

How to Configure SMTP Integration

  1. In the SentinelOne Management Console, select Settings in the left navigation menu.


  2. In the Settings view, click Integrations. SMTP opens by default.
  3. Enter data for your SMTP email server in the following fields:
    • Host: Hostname and listening port of the SMTP server.
    • SSL: Enable to use an SSL encrypted port.
    • TLS: Enable to use a TLS encrypted port.
    • Username / Password: Enter the username and password of the system administrator with authorization to access the SMTP server.
    • No-reply email (Optional): Enter a no-reply email address to be the sender of Management Console notifications.
  4. Click Test. If the test passes, click Save. If the test fails, verify your settings and re-run the test.


Configure Email Notifications

After you integrate an SMTP Server, configure which SentinelOne activities trigger email notifications, and who receives the notifications.

In the view for one Site, you can configure settings specifically for that Site. If there is no server configured for a Site, it uses the Global settings.

How to Configure Email Notifications

  1. In the SentinelOne Management Console, select Settings in the left navigation pane.


  2. In the Settings view, click Notifications.
  3. Select a Notification Type (for example, Administrative or Malware).
  4. In the Email column, select which activities will trigger messages.
  5. Under Notification Settings, click Recipients.
  6. In Notification Recipients, click New recipient to add each new email address.
  7. Click Save Changes.


Create Groups

Note: While groups can be created in either Dynamic or Static configurations, for optimal performance, Continuum recommends creating Static groups.

Organizing agents of a site into groups helps you manage agents easily and consistently. A group has one policy and shared exclusions. For example, you can create a group of endpoints that all use the same operating system version and update them in one command.

Agents belong to a specific site. Each agent can be assigned to only one group. Therefore, a group can only belong to one site.

  • Dynamic groups are based on filters. Endpoints that match the filters' criteria are automatically added to the group. If an agent fits in more than one dynamic group, the conflict is resolved by Group Ranking. Learn more about filters and dynamic groups.

Important: If an agent in a dynamic group is detected as no longer matching the criteria for that group, the system removes the agent from the dynamic group and assigns it to the default group.

Best Practice: To create a dynamic group, first save the filter set.

  • Static groups are based on manual selection.

Note: If an endpoint in a static group is determined by the filters of a dynamic group to be a match for that dynamic group, the endpoint is automatically moved to the dynamic group.
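
The assignment rules above can be modelled to find endpoints whose manual (static) placement a dynamic group's filter would override, which matters when the static group carries a deliberately different policy. This is an added example, not SentinelOne or Continuum code; the endpoint attributes, group names, the default group's name and the choice that a lower rank number wins are assumptions.

```python
from dataclasses import dataclass
from typing import Callable

DEFAULT_GROUP = "Default Group"  # constructed name for the site's default group

@dataclass
class DynamicGroup:
    name: str
    rank: int                        # assumption: lower number = higher ranking
    matches: Callable[[dict], bool]  # stands in for the saved filter set

def resolve_group(endpoint, current, dynamic):
    """Return the one group an endpoint ends up in under the rules above."""
    hits = sorted((g for g in dynamic if g.matches(endpoint)), key=lambda g: g.rank)
    if hits:
        return hits[0].name          # a dynamic match wins; ranking breaks ties
    if current in {g.name for g in dynamic}:
        return DEFAULT_GROUP         # stopped matching its dynamic group
    return current                   # static membership is left alone

def displaced(assignments, endpoints, dynamic):
    """Map host -> (static group, dynamic group) for placements a filter overrides."""
    dynamic_names = {g.name for g in dynamic}
    moves = {}
    for host, group in assignments.items():
        target = resolve_group(endpoints[host], group, dynamic)
        if group not in dynamic_names and target != group:
            moves[host] = (group, target)
    return moves

# Constructed inventory: attributes, filters and group names are illustrative only.
ENDPOINTS = {
    "hv-host-01": {"os": "Windows Server 2019", "dc": False},
    "dc-01": {"os": "Windows Server 2022", "dc": True},
    "ws-17": {"os": "Windows 10", "dc": False},
    "mac-03": {"os": "macOS 14", "dc": False},
}
DYNAMIC = [
    DynamicGroup("Windows Servers", 2, lambda e: e["os"].startswith("Windows Server")),
    DynamicGroup("Domain Controllers", 1, lambda e: e["dc"]),
]
ASSIGNED = {"hv-host-01": "VM Hosts", "dc-01": "Windows Servers",
            "ws-17": "Windows Servers", "mac-03": "Design Team"}

if __name__ == "__main__":
    for host, (old, new) in displaced(ASSIGNED, ENDPOINTS, DYNAMIC).items():
        print(f"{host}: static '{old}' would be overridden by dynamic '{new}'")
```

In the constructed inventory, `hv-host-01` is the only static placement that a dynamic filter overrides, so any policy customized on its static group would stop applying to it.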

How to Create a Group

  1. In the SentinelOne Console, select Network in the left navigation menu.
  2. There are two methods for creating a new group from the Network view:
    • Expand the Full site view menu and click New Group.
    • From the Endpoints tab (Network → Endpoints) click on the Group button and select New Group.
  3. In the Add New Group wizard, enter a name for the group.
  4. For Group Type, select Static Group or Dynamic Group. (Note: For optimal performance, Continuum recommends creating Static groups.)
    • If you select Dynamic Group, select the filter set to be applied.


  5. In Group Policy, view the settings of the inherited policy. If the site has a policy, the group inherits the site's policy settings. If the site uses the Global default policy, the group inherits the Global default policy settings.
  6. If you want to customize the policy for this group, click Change Policy, edit the policy settings as desired, and click Save.


  7. Click Create Group.
  8. Click Done.

Whitelist Agent Components in the Endpoint Antivirus Application

Note: This section refers to whitelisting that must be performed on the antivirus application installed on the endpoint.

The following SentinelOne agent folders and components should be whitelisted in the endpoint antivirus application:

  • SentinelOne Folder: C:\Program Files\SentinelOne\*.*
  • SentinelOne ProgramData Folder: C:\ProgramData\Sentinel\*.*
  • SentinelOne Executable: SentinelOne.exe

Configure the SentinelOne Agent for VM Hosts

Note: For Windows versions of VMware and Hyper-V that host guest operating systems, it is recommended to disable SentinelOne from taking snapshots on the Host system. Read this section for more details and related limitations.

Fortify for Endpoint Security uses SentinelOne's rollback capability to allow you to restore any protected endpoint to its pre-infected state without impacting other benign activities on the endpoint. To do this, it makes use of Microsoft’s Windows Volume Shadow Copy technology (VSS). The SentinelOne agent also protects the VSS snapshots by prohibiting any other application from altering them, so that malicious activity cannot prevent rollback.

If you are using Fortify for Endpoint Security on a Windows version of VMware or Hyper-V that hosts guest operating systems, the VSS writer will pause Guests during the snapshot process.

Note that this behavior is only applicable to Windows versions of VMware and Hyper-V.

To prevent this behavior, the following steps are recommended:

  • Create a SentinelOne Group that contains only VMware and/or Hyper-V Hosts
  • Modify the Group policy to disable the SentinelOne agent from taking VSS snapshots on the Host. This will not prevent the Fortify for Endpoint Security agent and VSS writer from running on the individual Guests associated with that Host.

*Important*: Please be aware that performing the steps below will invalidate SentinelOne's $1 million Ransomware Protection Warranty for the VM host machines. View SentinelOne's Ransomware Warranty document for more details on warranty requirements.

How to Create the Host Group and Modify the Policy

Create the New Group

  1. In the SentinelOne Console, select Network in the left navigation menu.
  2. There are two methods for creating a new group from the Network view:
    • Expand the Full site view menu and select New Group.
    • From the Endpoints tab (Network → Endpoints) click on the Group button and select New Group.
  3. In the Add New Group wizard, enter a name for the group.
  4. For Group Type, select Static Group as we want to include specific endpoints and not a range of endpoints.
  5. Enter a group name and click Next.

Modify the Policy

  1. In the Group Policy section, click Change Policy.


  2. In the Policy window, scroll down to the Agent Configuration section and locate the Snapshots toggle.
  3. Slide the Snapshots toggle to the disabled position.


  4. Click Create Group.

Add VMware/Hyper-V Hosts to the Group

  1. In the Summary page, click either See Device List or Done.

Now, add your host to the group. You can only move devices from a static group. To remove a device from a dynamic group you will need to edit the rules for that group.

  1. Navigate to the static group that currently contains the device.
  2. Select the device.
  3. In the Group drop-down, select Move to Group.
  4. In the dialog box that opens, select the host group you just created and click Move.

You will see a confirmation that the move was successful.
