This article serves as a guide to install SentinelOne via Addigy's Custom Software.
Note: SentinelOne requires a token file that is unique per organization.
Prerequisites
In order to build the Custom Software, you will need the SentinelOne Installer (.pkg file) and token.
The following command will create the token file:
echo "TOKEN_HERE" > "com.sentinelone.registration-token"
Replace TOKEN_HERE with the actual token provided by SentinelOne. This should create the token in your user's folder. Alternatively, you can search for the token in the Finder app by searching for "com.sen".
Creating the Custom Software
- Upload the .pkg file and token into Addigy using our file manager. The custom software should look similar to the below:
- SentinelOne also has PPPC profiles that our Smart Software will detect when the package file is uploaded. Add them in as shown below:
Note: In the event that a PPPC profile is unsigned, the signatures for known SentinelOne applications are available in the table below. - Upon uploading the PKG, the Add button will appear next to the package name, as shown in Step 1. Click this button to have the installation script automatically added to the Installation Script section of the Custom Software. It will look similar to the below image:
Full Disk Access
To build a PPPC payload for Full Disk Access, see our article about creating a Full Disk Access payload. The table below contains known binaries for SentinelOne:
Name | Bundle ID | Signature/Code Requirement |
SentinelOne Extensions | com.sentinelone.extensions-wrapper | anchor apple generic and identifier "com.sentinelone.extensions-wrapper" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN") |
sentinel-agent | com.sentinelone.sentinel-agent | anchor apple generic and identifier "com.sentinelone.sentinel-agent" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN") |
com.sentinelone.sentineld-helper | com.sentinelone.sentineld-helper | anchor apple generic and identifier "com.sentinelone.sentineld-helper" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN") |
com.sentinelone.sentineld-shell | com.sentinelone.sentineld-shell | anchor apple generic and identifier "com.sentinelone.sentineld-shell" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN") |
com.sentinelone.sentineld | com.sentinelone.sentineld | anchor apple generic and identifier "com.sentinelone.sentineld" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN") |
com.sentinelone.sentinelone-framework | com.sentinelone.sentinelone-framework |
anchor apple generic and identifier "com.sentinelone.sentinelone-framework" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN") |
com.sentinelone.Sentinel | com.sentinelone.Sentinel |
anchor apple generic and identifier "com.sentinelone.Sentinel" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN") |
com.sentinelone.SentinelAgent | com.sentinelone.SentinelAgent |
anchor apple generic and identifier "com.sentinelone.SentinelAgent" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN") |
com.sentinelone.sentinel-shell | com.sentinelone.sentinel-shell |
anchor apple generic and identifier "com.sentinelone.sentinel-shell" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN") |
You should be all set to deploy SentinelOne after creating and adding these items to your policy!