====== Sentinel One ======

===== Login Items =====

==== Background Items ====

{{:technology:applications:pasted:20231027-121758.png?600}}

  * Bundle Identifier: com.sentinelone.

===== Notifications =====

{{:technology:applications:pasted:20231027-121723.png?600}}

  * Bundle ID: com.sentinelOne.SentinelAgent

{{:technology:applications:pasted:20231027-115535.png?600}}

All settings should be checked.

===== Security and Privacy =====

==== Privacy ====

{{:technology:applications:pasted:20231027-121620.png?600}}

  * Application Bundle Identifier: com.sentinelone.sentineld
  * App Code Requirement:

<code>
anchor apple generic and identifier "com.sentinelone.sentineld" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")
</code>

{{:technology:applications:pasted:20231027-115655.png?600}}

  * Application Bundle Identifier: com.sentinelone.sentineld-helper
  * App Code Requirement:

<code>
anchor apple generic and identifier "com.sentinelone.sentineld-helper" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")
</code>

{{:technology:applications:pasted:20231027-115707.png?600}}

  * Application Bundle Identifier: com.sentinelone.sentineld-shell
  * App Code Requirement:

<code>
anchor apple generic and identifier "com.sentinelone.sentineld-shell" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")
</code>

{{:technology:applications:pasted:20231030-081501.png}}

  * Application Bundle Identifier: com.sentinelone.SentinelAgent
  * App Code Requirement:

<code>
anchor apple generic and identifier "com.sentinelone.SentinelAgent" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")
</code>

{{:technology:applications:pasted:20231030-081518.png}}

  * Application Bundle Identifier: com.sentinelone.extensions-wrapper
  * App Code Requirement:

<code>
anchor apple generic and identifier "com.sentinelone.extensions-wrapper" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")
</code>

===== System Extensions =====

==== Removable Network Monitoring Extension ====

{{:technology:applications:pasted:20231027-121455.png?600}}

  * Team ID: 4AYE5J54KN
  * Bundle Identifier: com.sentinelone.network-monitoring
  * Allow Removable System Extensions: True
  * Allow User Override: True

==== Network Monitoring Extension ====

{{:technology:applications:pasted:20231027-121046.png?600}}

  * Team ID: 4AYE5J54KN

===== Web Filter =====

Deployment of this profile causes a brief connection loss.
{{:technology:applications:pasted:20231027-121203.png?600}}

  * Filter Grade: Firewall
  * Type: Plug-in
  * Filter Name: SentinelOne
  * Identifier: com.sentinelone.extensions-wrapper
  * Filter Socket Traffic: True
  * Socket Provider Designated Requirement:

<code>
identifier "com.sentinelone.network-monitoring" and anchor apple generic and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")
</code>

  * Socket Provider Bundle Identifier: com.sentinelone.network-monitoring

===== Custom Commands =====

==== Status ====

{{:technology:applications:pasted:20231027-121945.png?600}}

{{:technology:applications:pasted:20231027-122216.png?600}}

  * Show the command response as attribute on Device Info: True

<code bash>
#!/bin/sh
# This script will check the status of the SentinelOne Agent

if command -v sentinelctl 1>/dev/null; then
    # sentinelctl is on the PATH: report the agent version and management console
    echo "SentinelOne agent is installed with version $(sentinelctl version | awk '{print $2}') and was connected to management console $(sentinelctl config Server Address | tail -1 | awk '{print $2}')"
else
    # sentinelctl not found: look for a running sentineld process instead
    s1_agent=$(ps aux | grep -Ei "sentineld$" | awk '{ print $11 };' | grep -v grep)
    # Quoted so the test also works when the value is empty or contains spaces
    if [ -z "$s1_agent" ]; then
        echo "SentinelOne Agent is not Installed."
    else
        # Derive the sentinelctl path from the path of the running daemon
        s1_agent=$(echo "$s1_agent" | sed 's|sentineld|sentinelctl|g')
        echo "SentinelOne Agent is running but could not locate SentinelCtl in the default PATH /usr/local/bin. The full path is - $s1_agent."
    fi
fi
</code>

===== Install PKG =====

{{:technology:applications:pasted:20231030-115743.png?1000}}

  * App Bundle: com.sentinelone.SentinelAgent
  * Pre-Install Script:

<code bash>
# Registration token (left empty on this page)
token=""
# Write the token next to the downloaded package
echo "$token" | sudo tee %DownloadPath%/com.sentinelone.registration-token
</code>
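
The Privacy entries above pair each bundle identifier with a near-identical code requirement, so a copy-paste slip between entries is easy to miss. The following linter is an added example, not part of the original page or of SentinelOne's tooling; it checks each pair before it goes into the MDM profile. The function names are hypothetical, and exact string comparison of the identifier is an assumption.

```python
import re

TEAM_ID = "4AYE5J54KN"      # Team ID shown on this page
PAGE_BUNDLE_IDS = [         # Privacy entries listed on this page
    "com.sentinelone.sentineld",
    "com.sentinelone.sentineld-helper",
    "com.sentinelone.sentineld-shell",
    "com.sentinelone.SentinelAgent",
    "com.sentinelone.extensions-wrapper",
]

def page_requirement(bundle_id, team_id=TEAM_ID):
    """Rebuild the code requirement in the form this page uses."""
    return (f'anchor apple generic and identifier "{bundle_id}" and '
            "(certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or "
            "certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and "
            "certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and "
            f'certificate leaf[subject.OU] = "{team_id}")')

def lint_requirement(bundle_id, requirement, team_id=TEAM_ID):
    """Return a list of problems in one (bundle ID, code requirement) pair."""
    problems = []
    req = re.sub(r"/\*.*?\*/", " ", requirement)   # drop /* exists */ comments
    if not re.search(r"\banchor\s+apple\s+generic\b", req):
        problems.append("missing 'anchor apple generic'")
    ids = re.findall(r'\bidentifier\s+"([^"]*)"', req)
    if len(ids) != 1:
        problems.append(f"expected one identifier clause, found {len(ids)}")
    elif ids[0] != bundle_id:                      # assumption: exact match
        problems.append(f"identifier {ids[0]!r} != bundle ID {bundle_id!r}")
    ous = re.findall(r'leaf\[subject\.OU\]\s*=\s*"([^"]*)"', req)
    if ous != [team_id]:
        problems.append(f"subject.OU {ous} does not pin Team ID {team_id!r}")
    if req.count("(") != req.count(")"):
        problems.append("unbalanced parentheses")
    if re.search("[\u201c\u201d]", requirement):
        problems.append("typographic quotes, likely pasted from a rendered page")
    return problems

def lint_page():
    """Lint every Privacy pair from this page; empty lists mean no problems."""
    return {b: lint_requirement(b, page_requirement(b)) for b in PAGE_BUNDLE_IDS}

if __name__ == "__main__":
    for bid, problems in lint_page().items():
        print(bid, "OK" if not problems else problems)
    # Constructed slip: the helper entry carrying sentineld's requirement
    print(lint_requirement("com.sentinelone.sentineld-helper",
                           page_requirement("com.sentinelone.sentineld")))
```

To check a live profile, pass the bundle identifier and requirement string exported from the MDM to `lint_requirement` instead of the rebuilt strings.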