How-to install SentinelOne (S1) for Endpoint Protection

Introduction

SentinelOne (S1) is a next-generation anti-virus solution that detects and responds to cyber threats such as malware and ransomware. S1 provides a lightweight single-agent approach with AI capabilities. (Source: https://security.utoronto.ca/about/cyberstrategy/epp/sentinelone-project/)

The ITS Private Cloud recommends deploying S1 on your virtual instances to add a layer of visibility and security to your virtual servers.

This how-to guides you through installing the S1 agent on Ubuntu. Installers for Linux and Windows are available at vskey-stor.eis.utoronto.ca:/ut-vss-lib/sentinelone.

Requirements

Site Token. To associate your virtual instance with your department's SentinelOne site, you need a site token. If you have one, you are good to go. Otherwise, reach out to the Endpoint Protection Support Team (https://security.utoronto.ca/about/cyberstrategy/epp/support/) to get started.
ITS Private Cloud account. Used to download the installers from the VSS User Storage (vskey-stor.eis.utoronto.ca) to the server.
Admin Credentials. An account with administrative privileges to install the agent.

Instructions

  1. Log in to the target server and elevate to administrator/root.

  2. With your preferred SFTP client, log in to vskey-stor.eis.utoronto.ca using your VSS credentials and fetch the installer that matches the host operating system:

    sftp user@vskey-stor.eis.utoronto.ca
    (user@vskey-stor.eis.utoronto.ca) Password:
    Connected to vskey-stor.eis.utoronto.ca.
    sftp> get /ut-vss-lib/sentinelone/SentinelAgent_linux_x86_64_v24_1_2_6.deb
    Fetching /ut-vss-lib/sentinelone/SentinelAgent_linux_x86_64_v24_1_2_6.deb to SentinelAgent_linux_x86_64_v24_1_2_6.deb
    SentinelAgent_linux_x86_64_v24_1_2_6.deb 100% 45MB 51.8MB/s 00:00
    sftp>

  3. Run the installer:

    apt install ./SentinelAgent_linux_x86_64_v24_1_2_6.deb

  4. Associate the instance with your department site token:

    /opt/sentinelone/bin/sentinelctl management token set {{ sentinelone_token }}

  5. Start the service

  6. Note that after the first run it takes a few minutes for the instance to appear in the SentinelOne Management Console (https://cace1-201.sentinelone.net/login).
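
As an added example (not part of the original how-to or of ITS tooling), the script below wraps steps 3 to 5 with two pre-install checks: it verifies the installer's SHA-256 before running it as root, and it reads the site token from a file that only its owner can access. The script name, the expected checksum, the token file, and the `sentinelctl control start` command used for step 5 are assumptions; the page provides none of them.

```sh
#!/bin/sh
# Added example: steps 3-5 with pre-install checks. Run as root.
SENTINELCTL=/opt/sentinelone/bin/sentinelctl

# Succeeds only if the file's SHA-256 matches the expected hex digest.
# The page lists no checksum; obtain one from whoever issued the installer.
verify_installer() {
    pkg=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$pkg" ] || { echo "missing installer: $pkg" >&2; return 1; }
    actual=$(sha256sum "$pkg" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] || {
        echo "checksum mismatch for $pkg: got $actual" >&2; return 1; }
}

# Prints the site token stored in a file, refusing files that grant any
# group/other permission, so the token is never typed into the shell.
read_token() {
    file=$1
    [ -f "$file" ] || { echo "missing token file: $file" >&2; return 1; }
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "$file must not be accessible by group or others" >&2; return 1; }
    token=$(tr -d ' \t\r\n' < "$file")
    [ -n "$token" ] || { echo "token file is empty: $file" >&2; return 1; }
    printf '%s\n' "$token"
}

install_agent() {
    pkg=$1
    verify_installer "$pkg" "$2" || return 1
    token=$(read_token "$3") || return 1
    case $pkg in /*|./*) ;; *) pkg=./$pkg ;; esac  # apt needs a path, not a name
    apt install "$pkg" || return 1
    "$SENTINELCTL" management token set "$token" || return 1
    # Assumed command for step 5; the page does not show one.
    "$SENTINELCTL" control start
}

# Usage: sh install_s1.sh <installer.deb> <expected-sha256> <token-file>
if [ "$#" -eq 3 ]; then
    install_agent "$@"
fi
```

The token is still passed to sentinelctl as a command-line argument, as in step 4, so remove the token file once the instance appears in the console.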


If you have any questions about S1, please reach out to the InfoSec Support team (https://security.utoronto.ca/about/cyberstrategy/epp/support/).
