Deploying SentinelOne with Guardz Ultimate Plan
Introduction
Integrating SentinelOne within the Guardz Ultimate Plan provides a unified security experience, simplifying the provisioning, deployment, and management of Endpoint Detection and Response (EDR) directly from the Guardz platform.
What this integration enables:
Unified Security Management: Monitor S1-protected endpoints alongside Guardz email, cloud, and identity protections.
Streamlined Threat Response: SentinelOne-detected threats are automatically surfaced in Guardz Detection & Response.
Continuous Device Posture Monitoring: Identify and fix security misconfigurations to maintain strong endpoint security.
Important Notes:
Managed SentinelOne (S1) cannot be enabled simultaneously with BYO-S1.
A separate SentinelOne deployment is required per customer.
Site Tokens are unique per customer and should NOT be shared across organizations.
Step 1: Enabling SentinelOne in Guardz
Activate SentinelOne Security Control
1. Log into Guardz.
2. Navigate to Security Controls (left sidebar) > Endpoint Security.
3. If required, click "Get Started" to enable the SentinelOne Security Control.
Step 2: Provisioning the Managed SentinelOne Account
Select & Enable SentinelOne Managed Deployment
1. Under SentinelOne, click "Select" for the Managed SentinelOne option.
2. Click "Continue" to provision the SentinelOne account.
3. Once the SentinelOne account is provisioned, click "Deploy".
Note:
A customer cannot use both Managed-S1 and BYO-S1 at the same time.
It is possible to mix and match SentinelOne deployment types across different customers.
Step 3: Deploying SentinelOne to Devices
Choosing a Deployment Method
Guardz provides two deployment options for SentinelOne agents:
1. Installer-based deployment
2. Script-based deployment (RMM, GPO, Intune, etc.)
To deploy SentinelOne:
Download the Installer or Deployment Script from Guardz.
View the Site Token (assigned per customer).
Important: Do not reuse Site Tokens across different organizations.
Deploy SentinelOne to the customer's devices using the preferred method.
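Before pushing a script-based deployment to several customers, the per-customer Site Token rule above can be checked against the rollout plan. The following is an added example, not Guardz or SentinelOne code: it assumes a hypothetical CSV export with the columns customer, device and site_token, uses constructed sample values, and treats tokens as opaque strings.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample plan; the column names and token values are made up.
SAMPLE_PLAN = """customer,device,site_token
Acme Dental,ACME-PC-01,TOKEN-AAAA-constructed
Acme Dental,ACME-PC-02,TOKEN-AAAA-constructed
Birch Legal,BIRCH-LT-01,TOKEN-BBBB-constructed
Cedar Realty,CEDAR-PC-01,TOKEN-AAAA-constructed
Cedar Realty,CEDAR-PC-02,
Birch Legal,BIRCH-LT-02,TOKEN-CCCC-constructed
"""

def fingerprint(token):
    """Short SHA-256 prefix so the report never contains the token itself."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]

def audit_plan(csv_text):
    """Return a sorted list of (issue, subject, detail) findings."""
    customers_by_token = defaultdict(set)
    tokens_by_customer = defaultdict(set)
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        customer = row["customer"].strip()
        token = (row["site_token"] or "").strip()
        if not token:
            # A device with no token would fail at install time.
            findings.append(("missing_token", customer, row["device"].strip()))
            continue
        customers_by_token[token].add(customer)
        tokens_by_customer[customer].add(token)
    # One token used by more than one customer: cross-organization reuse.
    for token, customers in customers_by_token.items():
        if len(customers) > 1:
            findings.append(("token_shared", fingerprint(token), ", ".join(sorted(customers))))
    # One customer with several tokens: likely a value pasted from another script.
    for customer, tokens in tokens_by_customer.items():
        if len(tokens) > 1:
            prints = ", ".join(sorted(fingerprint(t) for t in tokens))
            findings.append(("multiple_tokens", customer, prints))
    return sorted(findings)

if __name__ == "__main__":
    for issue, subject, detail in audit_plan(SAMPLE_PLAN):
        print(f"{issue:16} {subject:14} {detail}")
```

The report identifies tokens only by fingerprint, so it can be attached to a ticket without exposing a Site Token.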
Step 4: Configuring SentinelOne Policy Settings in Guardz
Adjust SentinelOne Security Policies
1. Navigate to Security Controls > Endpoint Security > SentinelOne Managed.
2. Click the edit icon to open SentinelOne Policy Settings.
3. Modify detection sensitivity, mitigation responses, and security rules as required.
4. If necessary, override the global policy settings per customer.
What These Settings Control:
How the SentinelOne agent behaves on each device
How threats are mitigated (e.g., auto-quarantine, isolation)
Detection thresholds for security events
Changes made in Guardz directly impact SentinelOne agent behavior on endpoints.
Troubleshooting Common Issues
Issue: "Managed SentinelOne is not provisioning."
Fix:
Ensure your Guardz account is enabled for the Ultimate Plan.
Retry provisioning after a few minutes.
Issue: "SentinelOne installer fails to deploy."
Fix:
Verify the correct Site Token is being used.
Ensure the endpoint has internet access during installation.
Issue: "Devices not appearing in Guardz."
Fix:
Confirm that the SentinelOne agent is successfully installed on the device.
Check if the correct SentinelOne site is linked to the Guardz customer.
Issue: "Threats detected in SentinelOne are not showing in Guardz Detection & Response."
Fix:
Verify that the SentinelOne Security Control is active in Guardz.
Check if the SentinelOne API connection is functioning properly.
Best Practices for Deployment & Management
Deploy SentinelOne using GPO, SCCM, or RMM for scalability.
Monitor SentinelOne alerts from within Guardz Detection & Response.
Review & customize SentinelOne policy settings per customer.
Ensure Site Tokens are used correctly for each customer's deployment.