Deploying an EDR with FleetDM

Learn how to deploy an EDR, specifically SentinelOne, using FleetDM, covering essential steps such as uploading software, creating policies for installation, and adding configuration profiles for optimal security management across your devices.


Context

Deploying an EDR, or other security agents, is a very common use case of Mobile Device Management solutions. This allows you to make sure that your security solutions are present on your entire fleet and properly securing your devices.

Steps

While the specifics will vary, the steps are always the same:

  1. Upload the software package & configure the deployment
  1. Create a policy & trigger the installation
  1. [Mac only, Optional] Add a Configuration Profile

Example with SentinelOne

Step 1: Uploading & configuring

  1. In Fleet, navigate to “Software” and click on the “Add Software” button
  1. [Recommended] Check the “self-service” box if you want users to be able to install this software from their menu bar icon on their device
  1. Click on “Advanced options”
  1. In “Install script”, you can enter the following scripts:
    ⚠️
    These scripts are provided as-is with no guarantee that they will work.
    Mac
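    #!/bin/sh
    # INSTALLER_PATH points to the package uploaded in Fleet.
    dir_path=$(dirname "$INSTALLER_PATH")
    # Replace your_token_here with your SentinelOne registration token.
    echo "your_token_here" > "$dir_path/com.sentinelone.registration-token"
    installer -pkg "$INSTALLER_PATH" -target /Applications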
    Linux
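    #!/bin/sh
    # INSTALLER_PATH points to the package uploaded in Fleet.
    dir_path=$(dirname "$INSTALLER_PATH")
    # Replace your_token_here with your SentinelOne registration token.
    echo "your_token_here" > "$dir_path/com.sentinelone.registration-token"
    # Install the RPM without prompting.
    dnf install --assumeyes "$INSTALLER_PATH"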
    Windows
    🏗️
    Under construction
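
A variant of the Mac install script above that refuses to run with the placeholder token and writes the token file readable by its owner only. This is an added example, not part of the original article or of Fleet's or SentinelOne's own scripts; `SITE_TOKEN`, `write_registration_token` and `install_agent` are names chosen here for illustration.

```shell
#!/bin/sh
# Added example: hardened variant of the Mac install script.
# SITE_TOKEN is a hypothetical variable name; replace its value with your
# SentinelOne registration token.
SITE_TOKEN="your_token_here"

# Write the token next to the installer with owner-only permissions.
# Returns non-zero, writing nothing, if the token is empty or still the placeholder.
write_registration_token() {
    dir_path=$1
    token=$2
    case "$token" in
        ""|your_token_here)
            echo "registration token is empty or still the placeholder" >&2
            return 1 ;;
    esac
    [ -d "$dir_path" ] || { echo "missing directory: $dir_path" >&2; return 1; }
    token_file="$dir_path/com.sentinelone.registration-token"
    # Subshell keeps the restrictive umask from leaking into the installer run.
    ( umask 077 && printf '%s\n' "$token" > "$token_file" ) || return 1
    # umask only affects newly created files; tighten a pre-existing one too.
    chmod 600 "$token_file"
}

# Write the token, then run the same installer command as the script above.
install_agent() {
    write_registration_token "$(dirname "$INSTALLER_PATH")" "$SITE_TOKEN" || return 1
    installer -pkg "$INSTALLER_PATH" -target /Applications
}

# Only install when INSTALLER_PATH is set, as it is in the scripts above.
if [ -n "${INSTALLER_PATH:-}" ]; then
    install_agent || exit 1
fi
```

A non-zero exit from the script means the token check or the installer failed, so the installation is not reported as successful.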

Step 2: Policy & auto-install

  1. In FleetDM, navigate to Policies
  1. Select “All teams” and switch to “No team”
  1. Create a policy (N.B. You will have to create one policy per OS you want to deploy on)
    ℹ️
    For policies, you can target a number of things: whether the app is present on the device, whether it is running, etc. Refer to the OSQuery documentation for more details & configuration. The examples below are built on “software presence”.
    Mac
    SELECT 1 FROM apps WHERE bundle_identifier = 'com.sentinelone.sentineld';
    Linux
    SELECT 1 FROM rpm_packages WHERE name = 'sentinel-agent';
    Windows
    SELECT 1 FROM programs WHERE name LIKE '%SentinelOne%';
    ℹ️
    For other tools, replace the bundle identifier or the program name with the appropriate value.
  1. Save the policy. Examples below:
    1. Title: “[<OS Type>] SentinelOne is present”
    1. Description: “The laptop is correctly protected by the SentinelAgent security software, making it less vulnerable to malware, unauthorized access, and data breaches.”
    1. Resolve (this appears to employees in case of policy failure): “Nothing to do on your end 👌”
    1. Select the relevant OS in the picker
  1. Go back to the “No team” policy list and click on “Manage automation > Install software”
  1. Check the policy you just created and set it to install the software you uploaded earlier

Step 3: [Mac only] Add a Configuration Profile

Security software such as SentinelOne typically requires additional permissions from the user to work correctly. You can streamline deployment by uploading a Configuration Profile to FleetDM to grant these permissions without user intervention.

For documentation on how to create the Configuration Profiles, please refer to the vendor documentation.

Below, you will find an example of a Configuration Profile for SentinelOne.

⚠️
This Configuration Profile is provided as-is with no guarantee that it will work.
🏗️
Coming soon