This article serves as a guide to install SentinelOne via Addigy's Custom Software.
Note: SentinelOne requires a token file that is unique per organization.
Prerequisites
In order to build the Custom Software, you will need the SentinelOne Installer (.pkg file) and token.
The following command will create the token file:
echo "TOKEN_HERE" > "com.sentinelone.registration-token"
Replace TOKEN_HERE with the actual token provided by SentinelOne. This should create the token in your user's folder. Alternatively, you can search for the token in the Finder app by searching for "com.sen".
Creating the Custom Software
- Upload the .pkg file and token into Addigy using our file manager.
- SentinelOne also has PPPC profiles that our Smart Software will detect when the package file is uploaded.
Note: In the event that a PPPC profile is unsigned, the signatures for known SentinelOne applications are available in the table below. - Upon uploading the PKG, the Add button will appear next to the package name, as shown in Step 1. Click this button to have the installation script automatically added to the Installation Script section of the Custom Software.
Configuring The MDM Profiles
SentinelOne requires MDM profiles for Full Disk Access, Network Monitoring, Web Content Filter, Notifications, and Service Management.
Attached to the end of this article are the current PPPC (for Full Disk Access) and Web Content Filter MDM profiles for SentinelOne.
Full Disk Access
To build a PPPC payload for Full Disk Access, see our article about creating a Full Disk Access payload. The table below contains known binaries for SentinelOne:
Name | Bundle ID | Signature/Code Requirement |
com.sentinelone.sentineld-helper | com.sentinelone.sentineld-helper | anchor apple generic and identifier "com.sentinelone.sentineld-helper" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN") |
com.sentinelone.sentineld-shell | com.sentinelone.sentineld-shell | anchor apple generic and identifier "com.sentinelone.sentineld-shell" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN") |
com.sentinelone.sentineld | com.sentinelone.sentineld | anchor apple generic and identifier "com.sentinelone.sentineld" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN") |
com.sentinelone.sentinel-shell | com.sentinelone.sentinel-shell |
anchor apple generic and identifier "com.sentinelone.sentinel-shell" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN") |
Network Monitoring Extension
Key | Value |
Display Name | SentinelOne Network Monitoring Extension |
System Extension Types | Allowed System Extensions |
Team Identifier | 4AYE5J54KN |
Allowed System Extensions | com.sentinelone.network-monitoring |
Web Content Filter
Note: Filter Socket Traffic must be Enabled to provide the Filter Data Provider Bundle Identifier and Designated Requirement.
Key | Value |
Filter Type | Plugin |
Plugin Bundle Identifier | com.sentinelone.extensions-wrapper |
Filter Data Provider Bundle Identifier |
com.sentinelone.network-monitoring |
Filter Data Provider Designated Requirement | anchor apple generic and identifier "com.sentinelone.network-monitoring" and (certificate leaf[field.1.2.840.113635.100.6.1.9] or certificate 1[field.1.2.840.113635.100.6.2.6] and certificate leaf[field.1.2.840.113635.100.6.1.13] and certificate leaf[subject.OU] = "4AYE5J54KN") |
Filter Sockets | true |
Notification Settings
Payload Type | Bundle Identifier |
com.apple.notificationsettings | com.sentinelone.SentinelAgent |
Service Management
Type | Value | Comment |
LabelPrefix | com.sentinelone. | Prevent removal of SentinelOne Launch Agents and Launch Daemons |
BundleIdentifierPrefix | com.sentinelone. | Prevent removal of SentinelOne Launch Agents and Launch Daemons |
You should be all set to deploy SentinelOne after creating and adding these items to your policy!