SentinelOne User Guide

Version 1.0

Original Document Release – June 2022

Title Name Signature

Security Operations Manager Avryl Francis

Review and Change History

Date Status Updated by Details Version

6/8/2022 Initial Draft Abygayle Ivey Initial Draft 0.1

6/10/2022 Peer Review Rojaun Reid Draft 0.2

6/13/2022 Final Issue Avryl Francis Final Issue 1.0

Page 1 of 10 © Digicel Group Group Security

Classification: Internal Company Use
Contents
Accessing SentinelOne Management Console .................................................................................. 3
View Sentinels (Devices with the S1 agent installed) ........................................................................ 3
2.1 Search for a device .................................................................................................................... 4
2.2 Get a device passcode............................................................................................................... 4
Installing the SentinelOne agent ....................................................................................................... 5
3.1 Download SentinelOne Agent and Site Token .......................................................................... 5
3.2 Install SentinelOne Agent on Windows .................................................................................... 6
3.3 Install SentinelOne Agent on Linux ........................................................................................... 6
Proxy Server Configuration................................................................................................................ 7
Confirm SentinelOne Agent is connected to the Management Console .......................................... 7
Searching for Endpoints That Need a Restart or Other Pending Action ........................................... 9
Restating devices ............................................................................................................................... 9

Page 2 of 10 © Digicel Group Group Security

Classification: Internal Company Use
 Accessing SentinelOne Management Console
To gain access to the SentinelOne management console, you must first submit a request via the Access
Control System.

• The Access Control System will send an approval request to your Manager.
• Only local market Security Contacts and members of the IT teams will be allowed access

After your access has been granted you will be able to login to the
SentinelOne management console via OneLogin.

1. Navigate to https://digicel.onelogin.com/portal on your

corporate-issued computer, and login if required.
2. In your OneLogin portal, select the SentinelOne tile. This will take
you to the SentinelOne management portal.

View Sentinels (Devices with the S1 agent installed)

You can view all devices with a SentinelOne agent installed in the management console

1. Select Sentinels from the navigation

pane
2. Ensure the Endpoints tab is
selected. On this page all endpoints
you have access to will be
displayed.

From here, you can search for and take

action on devices from the management
console.

Page 3 of 10 © Digicel Group Group Security

Classification: Internal Company Use
2.1 Search for a device
To easily search for a specific device:

1. Click the Select filters… bar at the top of the page

2. Click the Type your search… text box, then enter the hostname of the device.

2.2 Get a device passcode

The device passcode is needed by the SentinelOne agent to carry out certain operations and update
client configurations. This is in place to prevent unauthorised persons from tampering with the agent on
the device. The device passcode is unique to each device.

To get a device passcode follow the steps below:

1. Search for a device in the management console (See section 2.1 Search for a device)
2. Click the endpoint to open its details.
3. In the Details window, click Actions > Agent Actions > Show Passphrase

Page 4 of 10 © Digicel Group Group Security

Classification: Internal Company Use
 Installing the SentinelOne agent
To install the SentinelOne agent on a device you need 2 things:

• SentinelOne installation package – The S1 management console is updated automatically with

the latest agent packages. So ensure you are always using the latest one for the operating
systems in your environment.
• SentinelOne site token – This ensures that when the S1 agent is installed the device is
populated to your market folder and you are able to manage the agent from the s1 console.

3.1 Download SentinelOne Agent and Site Token

To access the latest package GA package:

1. Navigate to Sentinels from the navigation pane

2. Select the Packages tab, and click the download icon next to the installation package.
IMPORTANT: Pay keen attention to the Availability Level, Build Number, File Extension and File
Name columns to ensure you are selecting the latest GA package for your desired OS.

To access the site token:

The site token can be found at the top of the Packages tab.

• The site token is needed during the S1 agent installation process. It will not proceed without it.
• Persons who have access to multiple sites in the SentinelOne management console may need to
ensure a market site is selected, before the site token is visible at the top of the page.

Page 5 of 10 © Digicel Group Group Security

Classification: Internal Company Use
3.2 Install SentinelOne Agent on Windows
For Windows Operating Systems you can install the S1 agent via the interactive GUI wizard OR via
command prompt

Install SentinelOne Agent on Windows via GUI:

1. Run the SentinelOne installation package you downloaded from the console. Administrator
access is required.
2. When prompted enter the Site Token copied from the management portal and click
Continue.

Install SentinelOne Agent on Windows via Command Prompt:

1. Open command prompt as Administrator.

2. Run the SentinelOne installer package with the switch for the token.
Tip: The /QUIET and /NORESTART switches are optional but can be included for silent
installation or to prevent a forced reboot.
SentinelInstaller.exe /SITE_TOKEN=<site_Token>

IMPORTANT: When the installation process is completed you should restart the system to ensure all
SentinelOne components are active.

3.3 Install SentinelOne Agent on Linux

Run the commands below to install the S1 agent on Linux devices:

1. Install the package:

• If you use the RPM package, run:
sudo rpm -i --nodigest <package_pathname>

• If you use the DEB package, run:

sudo dpkg -i <package_pathname>

2. Associate the Agent with the Site Token using the following command:
sudo /opt/sentinelone/bin/sentinelctl management token set <site_token>

Page 6 of 10 © Digicel Group Group Security

Classification: Internal Company Use
 3. Run the following command to start the Agent service:
sudo /opt/sentinelone/bin/sentinelctl control start

4. Verify the agent is running with the following command:

sudo /opt/sentinelone/bin/sentinelctl management status

Proxy Server Configuration

If the SentinelOne agent is installed on a system that does not have access to the internet to facilitate
connectivity with the management console, then the proxy must be configured to ensure adequate
visibility and protection

Steps to configure the proxy in the SentinelOne agent on Windows:

1. Open command prompt as Administrator.

2. Navigate to the SentinelOne install directory "C:\Program Files\SentinelOne\Sentinel Agent version"
3. Run the following command to configure the proxy settings:
sentinelctl config -p server.proxy –v http://172.19.138.198:80 -k “passphrase”

NB: The passphrase “0” is used if the agent has never established a connection to the
management point otherwise use the agent specific passphrase which can be found on the
console.
4. The agent should now be able to route traffic via the proxy
5. Follow the steps in Section 5 Confirm SentinelOne Agent is connected to the Management
Console to confirm that the agent is now successfully connected to the management console
after completing the proxy configuration.

Steps to configure the proxy in the SentinelOne agent on Linux:

1. Open a terminal window and run the run the sudo command bellow
sudo /opt/sentinelone/bin/sentinelctl management proxy set http://172.19.138.198:80

2. The agent should now be able to route traffic via the proxy

For further information regarding proxy configuration or assistance with troubleshooting connectivity
issue please reach out to Group Security.

Confirm SentinelOne Agent is connected to the Management Console

To ensure adequate protection is maintained on the device after the agent is installed, it is important
that the S1 agent is connected to the management console. See steps below to confirm and
troubleshoot connectivity.

Page 7 of 10 © Digicel Group Group Security

Classification: Internal Company Use
Steps to confirm SentinelOne Windows agent is connected to the management console:

1. Find and open the SentinelOne icon in the toolbar

2. On the side bar click Agent Details
Confirm that the agent status is Online with a recent Last Console connection time
3. If configured, the proxy details should also be visible

Agent above connected via proxy

Agent above connected directly

Steps to confirm SentinelOne Linux agent is connected to the management console:

1. Open a terminal window and run the run the sudo command bellow
sudo /opt/sentinelone/bin/sentinelctl management status

2. Confirm that Connectivity is “On” and if configured the proxy details are correct

Page 8 of 10 © Digicel Group Group Security

Classification: Internal Company Use
 Searching for Endpoints That Need a Restart or Other Pending Action
To easily search for devices with pending actions:

1. Click the Select filters… bar at the top of the page

2. Click the View More Filters… bar to the right of the window.
3. Select Pending Actions
4. The devices will now be filtered all devices with pending actions.

Restating devices
To easily restart a device from the SentinelOne management console:

1. Search for the device using the steps outlined in Section 2.1
2. Select Actions
3. Select Endpoint Actions
4. Click Reboot
5. Check the box to confirm the action and click Reboot
6. The device will now be reboot

Page 9 of 10 © Digicel Group Group Security

Classification: Internal Company Use
 Important: this reboot will take effect immediately with no warning on the endpoint.

Page 10 of 10 © Digicel Group Group Security

Classification: Internal Company Use