SentinelOne Deployment (macOS)
Description
SentinelOne is a cybersecurity company that specializes in endpoint security and threat intelligence. They provide a platform for autonomous endpoint protection that uses AI and machine learning to prevent, detect, and respond to a wide range of security threats, including malware, ransomware, and other cyberattacks.
This recipe explains how to set up and deploy SentinelOne to your macOS devices.
Ingredients
- FileWave Central
- SentinelOne PKG installer
- SentinelOne Group/Site Token
Directions
Editing the Installation Fileset:
- Download and import the SentinelOne Fileset into FileWave Central (we'll handle the Profiles later)
- In a text editor, create a plain text file named com.sentinelone.registration-token that contains only your Site/Group Token
- Open the imported Fileset and replace the files under /usr/local/etc/FileWaveInstallers/SentinelOne with your registration token file and SentinelOne PKG.
Make sure the token file ownership is set to root:staff. You can change the ownership by selecting the file > Get Info > Ownership
- The "com.sentinelone.registration-token" plain text file must also be extension-less in the Fileset and will not work if the file has a .txt extension at the end of the file name. If your filename ends in ".txt", this can be removed/edited by right-clicking on the file in the Fileset > "Rename".
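The requirements above (exact token file name with no extension, root:staff ownership, a file holding only the token, and the PKG beside it) can be checked against the staged directory on a test Mac. This is an added example, not a script from FileWave or SentinelOne; the function names and return codes are assumptions, as is treating the token as a single whitespace-free string.

```sh
#!/bin/sh
# Added example: pre-flight check of the staged SentinelOne payload.
# Directory and token file name come from the article; function names
# and return codes are assumptions made for this sketch.

S1_DIR="${S1_DIR:-/usr/local/etc/FileWaveInstallers/SentinelOne}"
TOKEN_NAME="com.sentinelone.registration-token"

# Print "owner:group" for a file (ls -ld works on macOS and Linux).
owner_of() {
    ls -ld "$1" | awk '{print $3 ":" $4}'
}

# check_payload DIR [EXPECTED_OWNER]
# Returns 0 when ready; 1 token file missing or misnamed, 2 wrong
# ownership, 3 file holds more than the token, 4 PKG missing.
check_payload() {
    dir="$1"; want="${2:-root:staff}"; token="$dir/$TOKEN_NAME"

    if [ ! -f "$token" ]; then
        if [ -e "$token.txt" ]; then
            echo "remove the .txt extension from $TOKEN_NAME.txt" >&2
        else
            echo "missing $token" >&2
        fi
        return 1
    fi
    if [ "$(owner_of "$token")" != "$want" ]; then
        echo "token ownership is $(owner_of "$token"), expected $want" >&2
        return 2
    fi
    # "Contains only the token": assumed to mean exactly one word.
    if [ "$(wc -w < "$token" | tr -d ' ')" -ne 1 ]; then
        echo "token file must contain only the Site/Group Token" >&2
        return 3
    fi
    # At least one .pkg must sit beside the token file.
    set -- "$dir"/*.pkg
    if [ ! -f "$1" ]; then
        echo "no PKG found in $dir" >&2
        return 4
    fi
    return 0
}
```

Source the file and call `check_payload "$S1_DIR"`; a non-zero return identifies which requirement is not met.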
Now we need to edit the install script so it points to the uploaded installer.
- In Admin, select the SentinelOne Fileset and then select 'Scripts' in the toolbar.
- Edit the Activation Script 'Instal_SentinelOne.sh'. You will need to change the name of the PKG to what you have uploaded. Click OK to save.
The installer command takes this form (your installer's name will be different):
sudo /usr/sbin/installer -pkg /usr/local/etc/FileWaveInstallers/SentinelOne/SentinelAgent_XXXX.pkg -target /
You're all set with the Installer!
Now we need to import the four Profiles to allow the installer the access and permissions it needs.
- Import the Profiles that were downloaded with the Fileset. To do so, just drag and drop the Profiles into FileWave Central.
Profile Metadata shown below
Download the profiles attached to this article: SentinelOne_Profiles.zip. Unzip the download and import the profiles.
Now deploy
We're all set! Now create a Deployment with the Fileset and four Profiles.
The Fileset contains a script that will only allow the Installation once all four Profiles have been installed. It is normal to see a Fileset failure the first try. It will keep trying until profiles have installed.
The check_profile script logs each attempt and why it either failed or succeeded. You can see this log by right-clicking on the script in Client Info > Fileset Status. Select the Fileset in the list and the script status will show on the right. Right-click to see script output.
Profile Metadata
Service Management Profile
Privacy Control Configuration Profile
Network System Extension Profile
Team Identifier: 4AYE5J54KN
Allowed System Extensions: com.sentinelone.network-monitoring