How-to install SentinelOne (S1) for Endpoint Protection

SentinelOne (S1) is a next-generation anti-virus solution that detects and responds to cyber threats like malware and ransomware. S1 provides a lightweight single-agent approach with AI capabilities. (Source https://security.utoronto.ca/about/cyberstrategy/epp/sentinelone-project/ ).

The ITS Private Cloud recommends the deployment of S1 on your virtual instances for an additional layer of visibility and security to your virtual servers.

This how-to will guide you through installing S1 agent on Ubuntu, however we provide installers for Linux and Windows OS available at vskey-stor.eis.utoronto.ca:/ut-vss-lib/sentinelone.

Requirements

Site Token. To associate your virtual instance to your department SentinelOne, you need an site token. If you have one, you are good to go. Otherwise, reach out to the Endpoint Protection Support (https://security.utoronto.ca/about/cyberstrategy/epp/support/ ) Team to get started.
ITS Private Cloud account. Used to download the installers from the VSS User Storage (vskey-stor.eis.turoonto.ca) to the server.
Admin Credentials. Account with administrative privileges to install the agent.

\uD83D\uDCD8 Instructions

Login to the target server and promote as administrator/root.

With your preferred SFTP client login to vskey-stor.eis.utoronto.ca using your VSS credentials and fetch any of the available installers based on the host operating system:

sftp user@vskey-stor.eis.utoronto.ca
(user@vskey-stor.eis.utoronto.ca) Password:
Connected to vskey-stor.eis.utoronto.ca.
sftp> get /ut-vss-lib/sentinelone/SentinelAgent_linux_x86_64_v24_1_2_6.deb
Fetching /ut-vss-lib/sentinelone/SentinelAgent_linux_x86_64_v24_1_2_6.deb to SentinelAgent_linux_x86_64_v24_1_2_6.deb
SentinelAgent_linux_x86_64_v24_1_2_6.deb                                                                       100%   45MB  51.8MB/s   00:00
sftp>

Run the installer:

apt install ./SentinelAgent_linux_x86_64_v24_1_2_6.deb

Associate the instance with your department site token:

/opt/sentinelone/bin/sentinelctl management token set {{ sentinelone_token }}

Start the service

/opt/sentinelone/bin/sentinelctl control start

Note that the first run takes a few minutes until shown at the SentinelOne Management Console (https://cace1-201.sentinelone.net/login).

If you have any questions about S1, please reach out to the InfoSec Support teamhttps://security.utoronto.ca/about/cyberstrategy/epp/support/ .

\uD83D\uDCCB Related articles

Page:

How-to use the --columns option in the vss-cli?
Page:

How-to upgrade NetWorker Client for UTORrecover
Page:

How-to Create Virtual Machine Snapshot
Page:

How-to Request Virtual Machine Restore
Page:

How-to update your contact information on a Virtual Machine