Capture Client Deep Visibility Getting Started Guide

• Capture Client
• Overview
• About Deep Visibility
  • Getting Started
  • Accessing SentinelOne Help
  • Finding Threat Hunt Queries in SentinelOne
• SentinelOne Hunter Chrome Extension
  • Installing SentinelOne Hunter Chrome Extension
  • SentinelOne Hunter Modes
  • Licensing SentinelOne Hunter Chrome Extension
• Rogues Detection
• Useful References
• SonicWall Support
  • About This Document

Rogues Detection

Rogues detection powered by SentinelOne gives visibility of endpoints connected to your network that are not currently protected. If Rogues detection feature is turned on, SentinelOne Agents scan the local subnet to identify and manage the connected endpoints on which the Agent is not yet installed.

Rogues thus provides the enterprise-wide visibility of unprotected endpoints, discovering gaps in the deployment, providing the snapshot of unsecured endpoints for which Agent shall be installed.

Rogues Detection- FAQs

• I see data in Rogues when the setting in Rogues is "Scanning Enabled on Networks with 2 Agents". But data is not displayed when the value is set as 10 or a higher value. Why?

  If the criteria set is, "Scanning Enabled on Networks with 2 Agents", there has to be at least two agents in that network node for the agents to look for unprotected endpoints.

  If it is set to 10 or 100 and you are not getting results, it means that the criteria is not met; there are less than 10 or 100 Sentinel Agents in that Network.

• I can see some devices where S1 Agent is installed from a different account as Rogues. Why?

  When a Rogue scans and finds an endpoint it takes the Mac address and compares the database data for the Account where the endpoint resides.

  If the corresponding Mac address is not found it is considered a Rogue endpoint.

• What is the difference between Ranger and Rogues Detection features offered by SentinelOne?

  Rogues Detection is a light version of Ranger.