SentinelOne Sandbox

Solution Overview
WWT's SentinelOne (S1) Lab provides a sandbox environment in which the S1 solution can be evaluated across a variety of endpoints, including both Windows and Unix-based operating systems. The lab also includes an attack machine running Kali Linux, used to test the efficacy of the S1 agent with benign, non-weaponized malware samples.
 
Customers have endpoint-security pain and are looking for solutions that defend against advanced attacks. They also want sophisticated visibility and threat-hunting capabilities, but a solution can't be so difficult to use that customers are unable to source staff to operate it.
 
S1 security software replaces or augments legacy antivirus (AV) by uniting endpoint protection (EPP), endpoint detection and response (EDR), remediation and threat hunting in a single agent for Windows, Mac and Linux. The vendor's claim is that S1 gives admins situational awareness and context faster than competing tools.

The features of the S1 security suite help customers eliminate redundant endpoint agents by consolidating critical capabilities into one. S1 offers cloud and on-prem management as well as API integrations with many other vendors' tools. S1 helps customers change the way they manage and protect their enterprise: the platform autonomously prevents, detects, responds and hunts, all in real time. It also saves customers time so they can focus on efficiency, productivity and progress.
 
You will access the environment from a Windows-based jumphost, from which you can browse the web consoles, open RDP/SSH sessions to the other lab hosts, and so on. See the topology diagram above and to the right.

Goals & Objectives

The purpose of the sandbox lab is to help you develop proficiency in deploying, managing and monitoring the SentinelOne solution. The lab guide provides a flexible framework for evaluating the solution, its installation and its behavior in a sample customer environment.

The lab environment will allow you to:
  • Access the ESA baseline sandbox environment.
  • Log in to the cloud-based management portal.
  • Navigate the portal's interface and workflow.
  • Deploy agents on Windows systems.
  • Deploy agents on Linux systems.

Hardware & Software

This lab consists of the following hardware and software:
 
Software 
  • SentinelOne (current version).
 
Server Devices 
  • 1x Windows Jumphost (Windows Server 2016). 
  • 1x Generic Server (Windows Server 2012). 
  • 1x Generic Server (Windows Server 2016). 
  • 1x Generic Server (Red Hat Enterprise Linux 7). 
  • 1x Generic Server (CentOS 7).
  • 1x Generic Server (Solaris 11).

Client Devices 
  • 1x Attack Client (Windows 10 Enterprise). 
  • 1x Generic Client (Windows 7 Enterprise). 
  • 1x Attack Host (Kali Linux 2018). 

Technologies