The Settings section in the SentinelOne Console is your central hub for configuration and management. Here's a detailed breakdown of its features with examples and practical insights:
1. Configuration
The Configuration tab provides an overview of licenses and key settings.
Licenses: See which features you have paid for, such as Remote Ops Forensic or Network Discovery.
Other Settings: Adjust session timeouts, password expiration policies, and more.
2. Notifications
As the name suggests, this feature allows you to set up alerts.
Example: You can configure an email notification to be sent whenever a threat is detected or if someone uninstalls an agent.
Customizable Events: Alerts for detection, policy violations, and endpoint changes.
3. Users
Here, you can create and manage users with specific roles.
Example:
SOC Team Role: Restrict permissions to prevent them from uninstalling agents.
IR Team Role: Allow broader control, such as agent uninstallation.
4. Integrations
This section enables the setup of third-party integrations for SMTP, Syslog, or SSO (Single Sign-On).
Features:
View and edit integrations.
Add or delete integrations to streamline your workflow with external tools.
5. Policy Override
This feature lets you temporarily override security policies for specific endpoints.
Real-Life Scenario:
A new testing agent triggered false positives, quarantining files (e.g., Excel files).
The SOC team was overwhelmed by the alerts.
Solution:
The policy was switched to "Detect Only" mode, stopping file quarantine.
SentinelOne support provided a policy override, resolving the issue without reverting the agent.
6. Accounts
Manage accounts for different clients, ensuring flexibility in a multi-client environment.
7. Sites
Create and organize Sites within your account hierarchy for better management.
8. Locations
Dynamic Policy Application adjusts protection based on network location.
Example Features:
Stricter policies on untrusted networks (e.g., public Wi-Fi).
Define trusted networks by IP ranges, DNS servers, or gateway IPs.
Pro Tip:
SentinelOne’s flexibility in settings allows organizations to adapt quickly to unique challenges, such as managing alerts, integrating external tools, or handling network-based policies. The Policy Override feature, in particular, can be a lifesaver during unexpected situations like false positives.
-------------------------------------------------------------------------------------------------------------
Wrapping Up SentinelOne: Transitioning to the Newer Console
That’s a wrap for exploring SentinelOne’s older console! As a heads-up, SentinelOne has rolled out a newer console with updated features and a refreshed UI. While the newer version offers more functionalities, it might feel slightly more complex initially.
My Advice:
If you’re just starting out with SentinelOne:
Begin with the older console: It’s simpler and provides a solid foundation.
Transition to the newer console once you’re comfortable.
Stay Connected:
Thanks for sticking around! If you found this guide helpful and want to stay updated:
Bookmark this website for easy access to more articles.
Sign up for notifications on my website to get updates on the latest guides, tips, and tutorials.
More insights on SentinelOne’s newer console and advanced features are coming in the next article—stay tuned! 🚀