SentinelOne

Export agent deployment status, threat detections, and policy configuration from SentinelOne Management Console.

UC-04~10 min

Steps

  1. 1
    Log in to SentinelOne console

    Navigate to your SentinelOne management console URL and sign in.

  2. 2
    Export agent inventory

    Go to Sentinels > Endpoints. Export the full endpoint list showing agent version, OS, last active date, and policy applied.

  3. 3
    Export threat summary

    Navigate to Threats. Filter for last 30 days and export the threat list showing classification, status, and mitigation action.

  4. 4
    Screenshot policy settings

    Go to Sentinels > Policies. Screenshot the active policy showing detection and response modes (Detect/Protect).

Tips

  • Agent count vs. total endpoint count demonstrates deployment coverage percentage.
  • Ensure agents are in "Protect" mode (not just "Detect") for strongest evidence.
  • The Ranger module can also show unmanaged devices for a complete picture.

Automate SentinelOne evidence collection with BindLedger connectors

Create Free Account →