This article shows customers how to install Managed XDR for Workstation (SentinelOne) on off-premise devices that are not under Exabytes management or control.
The steps for each environment are provided below.
Windows
The following steps serve as a guide on how to install the agent on a Windows endpoint:
1. Allow outgoing connections on TCP port 443.
Go to Windows Firewall -> Advanced Security -> Outbound Rules.
Click "New Rule" -> Port, click Next, and select "Allow the connection".
2. Allow outgoing connections to the IP addresses below.
Click "New Rule" -> Custom -> All programs, then click Next.
Enter the IP addresses given:
54.179.96.191
54.169.96.95
13.228.31.64
13.215.247.89
18.136.25.234
13.250.212.49
3. Install the agent from the link below:
http://pkg.exa-csoc.net/s1/SentinelInstaller_latest.exe
4. Enroll in the customer group with the group token below:
eyJ1cmwiOiAiaHR0cHM6Ly9hcG5lMS0xMDAxLnNlbnRpbmVsb25lLm5ldCIsICJzaXRlX2tleSI6ICJjY2JkOTYyYTY3YjU1NzdmIn0=
5. To limit VSS space consumption, run the command below in cmd:
# vssadmin resize shadowstorage /For=C: /On=C: /MaxSize=30GB
Linux Red Hat/CentOS/Cloudlinux
The following steps serve as a guide on how to install the agent on a Linux endpoint:
1. Allow outgoing connections on TCP port 443.
# sudo yum install firewalld
# sudo systemctl start firewalld
# firewall-cmd --state
# firewall-cmd --zone=public --add-service=https
2. Allow outgoing connections to the IP addresses below. Run the command once for each address:
# sudo firewall-cmd --zone=public --add-source=<ipaddress> --permanent
54.179.96.191
54.169.96.95
13.228.31.64
13.215.247.89
18.136.25.234
13.250.212.49
3. At the same time, run the following commands to whitelist the agent in lfd:
# echo "EXE:/opt/sentinelone/bin/sentinelone-agent" >> /etc/csf/csf.pignore
# echo "CMD:s1-network" >> /etc/csf/csf.pignore
# sed -i 's/^UDP_OUT = "/UDP_OUT = "443,/g' /etc/csf/csf.conf
# sed -i 's/^UDP_IN = "/UDP_IN = "443,/g' /etc/csf/csf.conf
4. Run the commands below to install the agent:
# wget http://pkg.exa-csoc.net/s1/SentinelAgent_linux_latest.rpm
# rpm -ivh --nodigest --nofiledigest SentinelAgent_linux_latest.rpm
5. Enroll in the customer group with the group token below, then start the agent:
# /opt/sentinelone/bin/sentinelctl management token set eyJ1cmwiOiAiaHR0cHM6Ly9hcG5lMS0xMDAxLnNlbnRpbmVsb25lLm5ldCIsICJzaXRlX2tleSI6ICJjY2JkOTYyYTY3YjU1NzdmIn0=
# /opt/sentinelone/bin/sentinelctl control start
Linux Debian/Ubuntu
The following steps serve as a guide on how to install the agent on a Linux endpoint:
1. Allow outgoing connections on TCP port 443.
Install the command-line firewall (UFW):
# apt-get install ufw
# ufw enable
Firewall is active and enabled on system startup
# ufw status verbose
Status: active
# ufw allow 443/tcp
2. Allow outgoing connections to the IP addresses below:
54.179.96.191
54.169.96.95
13.228.31.64
13.215.247.89
18.136.25.234
Run the following command once for each IP address:
# ufw allow from <ipaddress>
3. Run the commands below to install the agent:
# wget http://pkg.exa-csoc.net/s1/SentinelAgent_linux_latest.deb
# dpkg -i SentinelAgent_linux_latest.deb
4. Enroll in the customer group with the group token below, then start the agent:
# /opt/sentinelone/bin/sentinelctl management token set eyJ1cmwiOiAiaHR0cHM6Ly9hcG5lMS0xMDAxLnNlbnRpbmVsb25lLm5ldCIsICJzaXRlX2tleSI6ICJjY2JkOTYyYTY3YjU1NzdmIn0=
# /opt/sentinelone/bin/sentinelctl control start
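The group token used in the enrollment steps above is base64-encoded JSON with a "url" and a "site_key" field, so it can be inspected before it is passed to sentinelctl. The script below is an added example, not part of the original article or of the vendor's tooling; the function names and the expected host suffix are assumptions.

```shell
#!/bin/sh
# Added example: inspect an enrollment token before handing it to
# "sentinelctl management token set". Not part of the original article.

# Token copied from the enrollment step on this page.
PAGE_TOKEN='eyJ1cmwiOiAiaHR0cHM6Ly9hcG5lMS0xMDAxLnNlbnRpbmVsb25lLm5ldCIsICJzaXRlX2tleSI6ICJjY2JkOTYyYTY3YjU1NzdmIn0='

# Assumption: the console host must sit under this domain (taken from the URL
# that the page's token decodes to). Adjust it for a different tenant.
EXPECTED_SUFFIX='.sentinelone.net'

# Print one string field of the decoded token JSON ($1 = token, $2 = field).
token_field() {
    printf '%s' "$1" | base64 -d 2>/dev/null |
        sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Print the console URL and return 0 only if the token decodes to JSON with
# url and site_key, the URL is https without userinfo, and the host matches.
check_token() {
    url=$(token_field "$1" url)
    key=$(token_field "$1" site_key)
    if [ -z "$url" ] || [ -z "$key" ]; then
        echo "token does not decode to url/site_key fields" >&2
        return 1
    fi
    case "$url" in
        *@*) echo "console URL carries userinfo: $url" >&2; return 1 ;;
        https://*) ;;
        *) echo "console URL is not https: $url" >&2; return 1 ;;
    esac
    host=${url#https://}      # drop the scheme
    host=${host%%[/:?#]*}     # drop port, path, query, fragment
    case "$host" in
        *"$EXPECTED_SUFFIX") ;;
        *) echo "unexpected console host: $host" >&2; return 1 ;;
    esac
    printf '%s\n' "$url"
}

check_token "$PAGE_TOKEN"
```

A non-zero exit status means the token should not be passed to sentinelctl until its source has been confirmed.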