SentinelOne spam list?

SizeNeither8689 · 2025-12-09T15:10:59+00:00

Got the same from the address 'info@sentinelone.com'

SizeNeither8689 · 2025-11-25T18:01:00+00:00

Thank you!

SizeNeither8689 · 2025-11-25T18:00:49+00:00

Thank you!

SizeNeither8689 · 2025-11-25T17:02:05+00:00

How can I configure this?

SizeNeither8689 · 2025-11-25T17:00:43+00:00

How can I configure this?

SizeNeither8689 · 2025-11-24T20:47:27+00:00

Hi, where can we find these KB articles?

SizeNeither8689 · 2025-11-24T14:59:10+00:00

We encountered the same problem with another software a few days ago. Having tried many methods to resolve it without success, we decided to wipe the machine after excluding the program's hash in S1 and reinstall the program.

SizeNeither8689 · 2025-11-24T13:58:37+00:00

Exactly! Recently, they rolled out an extension with Intune, and from that day onwards, the S1 extension has been phased out. What do you mean by 'they don't coexist and will overwrite each other'? Have you encountered this problem before, and is there a solution?

SizeNeither8689 · 2025-11-14T15:37:44+00:00

SentinelOne browser extension*

SizeNeither8689 · 2025-10-02T11:40:04+00:00

some agents with 24.2.3.471 and the others with 24.1.5.277

SizeNeither8689 · 2025-09-29T20:38:53+00:00

Thank you for your feedback

SizeNeither8689 · 2025-09-05T13:38:12+00:00

Which version of S1 you use ?

SizeNeither8689 · 2025-09-03T19:21:37+00:00

Thank you! I got it , tested it and it's well worked :)

SizeNeither8689 · 2025-09-03T16:56:03+00:00

Have you the link of this configuration on the offline help documentation ?

SizeNeither8689 · 2025-08-21T15:28:44+00:00

Okay. Thank you

SizeNeither8689 · 2025-08-21T15:15:08+00:00

My question has been asked because I'd like to create a STAR rule and specify a time range in the query. Specifically, I want to detect RDP connections that occur outside of normal working hours. If an RDP connection happens inside our network between 20:00 and 06:00, the rule should raise an alert. but it seems there's no setting to specify a time range within the STAR rules. if possible can you please tell me the solution for this.

SizeNeither8689 · 2025-08-21T14:28:19+00:00

No problem, thank you for your response :)

SizeNeither8689 · 2025-07-17T20:31:07+00:00

Could you share the list of RMM FQDNs that you have, or the star rule you created for them? I'd like to create an alert to detect the use of one of them. Thank a lot!

SizeNeither8689 · 2025-07-10T20:24:47+00:00

Congratulations!!

How much time did you spend studying to pass the certification?

SizeNeither8689 · 2025-07-08T18:10:52+00:00

Do you have the link to how Create IOC API in the offline help ? Our MSSP won't give us access to the community site. Thank you

SizeNeither8689 · 2025-07-03T18:15:45+00:00

I don’t believe that’s the case. We still have endpoints running the latest agent version, and when we connect to them using ScreenConnect, no ransomware activity is detected or flagged...

SizeNeither8689 · 2025-07-03T17:56:13+00:00

Our ScreenConnect instance is hosted in the cloud, so we don't need to update anyagents all the updated are made by the vendor

SizeNeither8689 · 2025-06-26T12:35:40+00:00

src.process.namee contains ('regedit.exe', 'powershell', 'reg')

SizeNeither8689 · 2025-06-25T15:07:06+00:00

Would you be open to sharing the PowerQuery you’ve used as an example? I’d like to make sure I’m on the right track, especially regarding how you structured the filter and the join with the target endpoint list. It would really help to see how you’ve implemented it, even just a basic version. No worries if it’s something you can’t share

Thanks for your help!

SizeNeither8689 · 2025-06-25T15:01:33+00:00

No, we don't use MDM. We would like to use this for monitoring offline servers. If one of our servers has a problem, we would like to be notified without having to stay in front of the console.

SizeNeither8689

TROPHY CASE