This article serves as a guide to installing SentinelOne via Addigy's Smart Software.
Note: SentinelOne requires a token file that is unique per organization.
Creating the Smart Software
- Create a new Smart Software item in the Catalog and give it a name and version.
- Paste the command below into the Installation > Installation Command section of the Smart Software creation window, replacing "TOKEN_HERE" with the token for the specific client, which is provided by SentinelOne.
  echo "TOKEN_HERE" > "com.sentinelone.registration-token"
  This command creates the unique token file that SentinelOne's installer (pkg) requires to be present within the same directory during installation. This token file is what is responsible for licensing the app.
  If you're planning on deploying this software with different licenses depending on the device location, we recommend using variables to streamline this process.
  Note: This command should create the token in the Smart Software's specific directory, located in /Library/Addigy/ansible/packages/*your smart software name*/
- Now that the licensing is covered, we just need to upload and select the installer. While in the Smart Software creation window, click Select File(s) and proceed with the upload and selection process.
- Once the pkg has been uploaded, the Add button will appear next to the package name. Click this button to have the installation script automatically added to the Installation Command section of the Smart Software. In the Installation Command, make sure that it is below the token creation command that we configured in step 2.
- Now that the installation command is set up, create an applicable Condition Script. A good baseline is the "If file exists" option: by default, if the directory entered exists, the installation instructions will not be executed.
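A guarded variant of the token creation command, shown as an added example (not Addigy's or SentinelOne's own code). The function name write_token_file and its return codes are hypothetical, and it assumes a valid token contains no whitespace. It refuses to write the unreplaced placeholder and keeps the organization's token readable by the owner only.

```shell
#!/bin/sh
# Added example: a guarded form of `echo "TOKEN_HERE" > <token file>`.
# write_token_file is a hypothetical helper name, not part of Addigy or SentinelOne.
TOKEN_FILE="com.sentinelone.registration-token"   # file name taken from the article

# write_token_file DIR TOKEN
# Writes TOKEN (plus a newline, as echo does) to DIR/$TOKEN_FILE with mode 600.
# Returns 2 for an unusable token, 3 if DIR is missing, 4 if the write fails.
write_token_file() {
    dir=$1
    token=$2

    # Reject an empty value, the unreplaced placeholder, and anything with
    # whitespace (assumption: real tokens contain none, so this is a bad paste).
    case $token in
        ""|TOKEN_HERE|*[[:space:]]*)
            echo "refusing to write token: empty, placeholder or contains whitespace" >&2
            return 2 ;;
    esac

    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 3; }

    # Create the file under a restrictive umask so it is never world-readable,
    # even briefly. The subshell keeps the umask change local.
    (
        umask 077
        printf '%s\n' "$token" > "$dir/$TOKEN_FILE"
    ) || return 4

    # umask does not change the mode of a file that already existed.
    chmod 600 "$dir/$TOKEN_FILE" || return 4

    # Read the file back so a truncated write fails the install step early.
    [ "$(cat "$dir/$TOKEN_FILE")" = "$token" ] || return 4
}

# Usage inside the Installation Command, above the installer line:
#   write_token_file . "TOKEN_HERE" || exit 1
```

Until "TOKEN_HERE" is replaced with the client's token, the call returns 2 and the `|| exit 1` stops the installation command before the installer line runs.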
Configuring the MDM Profiles
SentinelOne requires MDM profiles for Full Disk Access, Network Monitoring, Web Content Filter, Notifications, and Service Management.
Attached to the end of this article are the current PPPC (for Full Disk Access) and Web Content Filter MDM profiles for SentinelOne.
Full Disk Access
To build a PPPC payload for Full Disk Access, see our article about creating a Full Disk Access payload. The table below contains known binaries for SentinelOne:
Name | Bundle ID | Signature/Code Requirement |
com.sentinelone.sentineld-helper | com.sentinelone.sentineld-helper | anchor apple generic and identifier "com.sentinelone.sentineld-helper" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN") |
com.sentinelone.sentineld-shell | com.sentinelone.sentineld-shell | anchor apple generic and identifier "com.sentinelone.sentineld-shell" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN") |
com.sentinelone.sentineld | com.sentinelone.sentineld | anchor apple generic and identifier "com.sentinelone.sentineld" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN") |
com.sentinelone.sentinel-shell | com.sentinelone.sentinel-shell | anchor apple generic and identifier "com.sentinelone.sentinel-shell" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN") |
Network Monitoring Extension
Key | Value |
Display Name | SentinelOne Network Monitoring Extension |
System Extension Types | Allowed System Extensions |
Team Identifier | 4AYE5J54KN |
Allowed System Extensions | com.sentinelone.network-monitoring |
Web Content Filter
Note: Filter Socket Traffic must be Enabled to provide the Filter Data Provider Bundle Identifier and Designated Requirement.
Key | Value |
Filter Type | Plugin |
Plugin Bundle Identifier | com.sentinelone.extensions-wrapper |
Filter Data Provider Bundle Identifier | com.sentinelone.network-monitoring |
Filter Data Provider Designated Requirement | anchor apple generic and identifier "com.sentinelone.network-monitoring" and (certificate leaf[field.1.2.840.113635.100.6.1.9] or certificate 1[field.1.2.840.113635.100.6.2.6] and certificate leaf[field.1.2.840.113635.100.6.1.13] and certificate leaf[subject.OU] = "4AYE5J54KN") |
Filter Sockets | true |
Notification Settings
Payload Type | Bundle Identifier |
com.apple.notificationsettings | com.sentinelone.SentinelAgent |
Service Management
Type | Value | Comment |
LabelPrefix | com.sentinelone. | Prevent removal of SentinelOne Launch Agents and Launch Daemons |
BundleIdentifierPrefix | com.sentinelone. | Prevent removal of SentinelOne Launch Agents and Launch Daemons |
You should be all set to deploy SentinelOne after creating and adding these items to your policy!