Context
Deploying an EDR, or other security agents, is a very common use case of Mobile Device Management solutions. This allows you to make sure that your security solutions are present on your entire fleet and properly securing your devices.
Steps
While the specifics will vary, the steps are always the same:
- Upload the software package & configure the deployment
- Create a policy & trigger the installation
- [Mac only, Optional] Add a Configuration Profile
Example with SentinelOne
Step 1: Uploading & configuring
- In Fleet, navigate to “Software” and click on the “Add Software” button
- [Recommended] Check the “self-service” box if you want users to be able to install this software from their menu bar icon on their device
- [Recommended] Choose to install the application automatically. If you choose to install manually, you will have to write a policy with an app automation to deploy the application on targeted devices.
- [Mac only] If the default policy does not work to target devices that don’t have SentinelOne installed, you can try this one out. This policy is provided as-is with no guarantee that it will work.
SELECT 1 FROM file WHERE path = '/Library/Sentinel/sentinel-agent.bundle';
- Click on “Advanced options”
- In “Install script”, you can enter the following scripts. These scripts are provided as-is with no guarantee that they will work.
Mac
#!/bin/sh
# Write the registration token next to the installer package
dir_path=$(dirname "$INSTALLER_PATH")
echo "your_token_here" > "$dir_path/com.sentinelone.registration-token"
# Install the package
installer -pkg "$INSTALLER_PATH" -target /Applications
Linux
#!/bin/sh
# Write the registration token next to the installer package
dir_path=$(dirname "$INSTALLER_PATH")
echo "your_token_here" > "$dir_path/com.sentinelone.registration-token"
# Install the package with dnf
dnf install --assumeyes "$INSTALLER_PATH"
Windows
$exeFilePath = "${env:INSTALLER_PATH}"

try {
    $processOptions = @{
        FilePath     = "$exeFilePath"
        ArgumentList = "-t your_token_here -q"
        PassThru     = $true
        Wait         = $true
    }

    # Start process and track exit code
    $process = Start-Process @processOptions
    $exitCode = $process.ExitCode

    # Prints the exit code
    Write-Host "Install exit code: $exitCode"
    Exit $exitCode
} catch {
    Write-Host "Error: $_"
    Exit 1
}
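A hardened variant of the Mac install script above, added here as an example and not taken from Fleet or SentinelOne: it refuses to run with the placeholder token, writes the token file readable only by its owner, and removes it after the installer returns. The function names are hypothetical, and deleting the token file assumes the installer has already read it by then.

```sh
#!/bin/sh
# Added example: hardened variant of the page's Mac install script.
# Function names are hypothetical; the token value is a placeholder.
S1_TOKEN="your_token_here"   # replace before uploading to Fleet
TOKEN_FILE="com.sentinelone.registration-token"   # file name from the page

# stage_token DIR TOKEN: write TOKEN to DIR/$TOKEN_FILE with mode 0600.
# Returns 2 for an empty or unreplaced token, 3 if DIR does not exist.
stage_token() {
    dir=$1
    token=$2
    case $token in
        ""|your_token_here)
            echo "registration token not set" >&2
            return 2 ;;
    esac
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 3; }
    # Drop any pre-existing file or symlink so the new mode really applies.
    rm -f "$dir/$TOKEN_FILE"
    # umask in a subshell: only this file is affected.
    ( umask 077 && printf '%s\n' "$token" > "$dir/$TOKEN_FILE" )
}

# install_agent PKG: stage the token beside PKG, run the installer and
# return its exit status so a failed install is visible to the caller.
install_agent() {
    pkg=$1
    [ -f "$pkg" ] || { echo "installer not found: $pkg" >&2; return 4; }
    dir=$(dirname "$pkg")
    stage_token "$dir" "$S1_TOKEN" || return $?
    installer -pkg "$pkg" -target /Applications
    inst_rc=$?
    # Assumption: the installer has consumed the token once it returns.
    rm -f "$dir/$TOKEN_FILE"
    return $inst_rc
}

# Fleet provides INSTALLER_PATH (as in the page's scripts); without it
# nothing is installed.
if [ -n "${INSTALLER_PATH:-}" ]; then
    install_agent "$INSTALLER_PATH"
    exit $?
fi
```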
Step 3: [Mac only] Add a Configuration Profile
Security software such as SentinelOne typically requires additional permissions from the user to work correctly. You can streamline deployment by uploading a Configuration Profile to FleetDM to grant these permissions without user intervention.
For documentation on how to create the Configuration Profiles, please refer to the vendor documentation.
Below, you will find an example of a Configuration Profile for SentinelOne.
https://drive.google.com/open?id=189Z3U2OD8FT2QBFw0qkkvv876600cURo&usp=drive_fs