Guided Setup
Senteon assists in performing baseline security configuration (also known as system hardening) by guiding you through Senteon's "Guided Setup" process.
Guided Setup has three phases:
1) Evaluation
Senteon Agents will evaluate your Endpoint(s) to determine what potential conflicts/disruption factors there may be for enabling recommended security settings.
2) Initialization
After "Evaluation" you will "Initialize" your Endpoint(s) which means selecting or creating a new Baseline Group to stage them in for "Finalization".
3) Finalization
Senteon will use the results from "Evaluation" and your selection in "Initialization" to generate a unique Guided Setup Wizard which will help you get as close to the recommendations as possible while providing actionable data on how to overcome conflicts/disruption factors.
Terminology
| Term | Description |
|---|---|
| Recommended Configuration Set | A set of recommended security-related settings/values based on industry best-practice guidelines for a type of endpoint |
| Target Configuration Set | A set of settings/values that Senteon actually uses for implementation and monitoring/alerting purposes. It is derived from a Recommended Configuration Set and is the result of any modifications/exceptions. |
| Endpoint Profile | The top-level grouping of a specific type of Endpoint that is assigned upon installation of Senteon Agent. It is determined by the following attributes: - Operating System - Domain-Joined Status - Domain Role (If Applicable) Each Endpoint Profile has exactly one Recommended Configuration Set. |
| Baseline Group / Baseline | Primary user-managed group that should be used for organizing different types of Endpoints with the same Endpoint Profile based on their security requirements. Each Baseline Group is associated with exactly one Endpoint Profile. Each Baseline Group has exactly one Target Configuration Set. |
| Exception Group / Exception | User-managed group that should be used when one or more Endpoints in a Baseline Group need slight modifications/exceptions but are still related to the Baseline Group. Each Exception Group is associated with exactly one Baseline Group. Each Exception Group has exactly one Target Configuration Set. |
Recommended Configuration Set Catalog
A database/catalog of the Recommended Configuration Set for each Endpoint Profile can be found in the Catalog page for reference.
Phase 1: Evaluation
Once Senteon Agent is successfully installed (or reset) on an Endpoint it will appear in the Evaluation page for the relevant Endpoint profile/type and have a status of Ready for Evaluation.
Location: Tenants > <Tenant Name> > Evaluation (Filter for relevant Endpoint Profile)
Steps
1) Select one or more Endpoints and click the Evaluate Endpoints button.
Phase 2: Initialization
Endpoints that have finished Evaluation will appear in the Initialization page for the relevant Endpoint profile/type and have a status of Ready for Initialization.
Location: Tenants > <Tenant Name> > Initialization (Filter for relevant Endpoint Profile)
Steps
1) Select one or more Endpoints you wish to group together and click the Initialize Endpoints button.
2) Choose a Baseline Group to add the selected Endpoint(s) to or create a new one.
2b) Senteon will prompt you to work through the "Baseline Primer". The "Baseline Primer" guides you through making decisions about settings that are bound by your organizational operations/policy and by-nature "Evaluation" cannot provide any relevant data for e.g. local password policy. You can save your decisions as the "default" for that Endpoint Profile and the Baseline Primer will auto-populate when creating subsequent Groups within your Organization.
Note: If
Save settings for future groupsis checked, the Baseline Primer choices you made will be saved for that Endpoint Profile. You will be able to use the saved defaults when creating a new Baseline Group under that Endpoint Profile across any of your Tenants. They can be modified here:Settings>[Section] Default Decisions
3) After choosing/creating a Baseline Group for the Endpoint(s), click Initialize Endpoints
Note: If you instead wish to skip Finalization and force-apply the Baseline's Configuration Set to the Endpoint(s), click the
Skip Setup and ActivatebuttonWARNING: If you choose to skip, the Baseline's Configuration Set will be immediately applied with no regard to potential conflicts/disruption factors
Phase 3: Finalization
After a Senteon Agent/Endpoint is Initialized, the Agent Status will change to Ready for Setup and it will appear in the Finalization page under "Baselines: Ready for Finalization".
The Guided Setup Wizard walks you through any decisions that need to be made due to blocking/disruption factors. This can range from technical factors such as out-of-date authentication protocols to organizational/cultural factors that Senteon cannot be aware of in a vacuum.
Each Wizard page will provide a singular setting or list of settings that require your attention. Make a choice for an individual Endpoint or a group of them. Calculations for the final Target Configuration Set and any Exceptions are done after settings review.
Location: Tenants > <Tenant Name> > Finalization
Steps
1) Select the Baseline Group that you initialized your Endpoint(s) into and click the Finalize Endpoints button.
Note If multiple Groups are selected, the wizard will run the setup process in sequential order.
2) Follow the Guided Setup Wizard
Part 1: Decision Making
All Guided Setup Wizard sections are structured around a primary navigation hub. It logically groups settings that need attention by category and priority level and tracks your progress throughout the process. Each section/subsection has an associated checkbox that indicates whether it has been completed.
Each subsection contains a list of settings that require a decision to be made. These are listed in a table that allows for both granular management of settings and bulk decision-making.
Individual Endpoint/Setting Decisions
If you need to make decisions for individual Endpoints and/or settings, click the MODIFY button next to the setting in question. This will open a page that lets you select any of the Senteon-suppported options for that setting and make decisions for individual endpoints as well
Bulk Decisions
You can select one or more settings and make bulk decisions for ALL Endpoints being finalized.
To use bulk decisions, select the checkbox next to one or more settings and click on the button/dropdown to the top right of the table.
Warning: Bulk actions will overwrite previously made decisions on selected settings for ALL Endpoints being finalized
| Bulk Decision | Description |
|---|---|
| Set Selected to Senteon Recommendation | Sets the target option for all selected settings to the Senteon recommended option based on the CIS Benchmarks |
| Set Selected to Default Option | Sets the target option for all selected settings to the Windows default option |
| Set Selected to Current Option | Sets the target option for all selected settings to the currently configured option on any relevant endpoint |
| Set Selected to Unmanaged | Sets all selected settings to be entirely unmanaged by Senteon for this group |
| Set Selected to Current Baseline Option | Sets the target option for all selected settings to the baseline group's target option |
Part 2: Target Configuration Set Review
This section provides a summary of all of the decisions made so far during Finalization and allows you to go back and make any changes if needed.
Warning: Once you move on from this section you WILL NOT be able to change these decisions for the remainder of the Finalization process. Any changes will have to made by directly modifying the Baseline Group or Endpoints in the Tenant console.
Part 3: Exception Creation
Depending on the decisions made for each Endpoint, Senteon may decide that Exceptions are necessary to handle all of the different Target Configuration Set variations.
If an Exception already exists with a matching Target Config Set, you will be given the option to either add the Endpoint(s) to the existing Exception or create a new but identical Exception.
- Situation 1: Baseline Group has no associated Endpoints prior to Finalization
If no staged Target Config Set(s) for the Endpoint(s) match the Baseline's after your decisions have been factored in, the Baseline's Target Config Set will be adjusted to match the staged Target Config Set with the fewest differences.
- Situation 2: Baseline Group has associated Endpoints already
Any Endpoints with staged Target Config Sets that exactly match the Baseline's will be associated with the Baseline Group. All others will be handled by Exceptions.
Part 4: Final Review
Once all Exceptions have been determined and staged, Senteon provides one final page for review of all the decisions made throughout Finalization.
Note: Functionality for moving Endpoints between the Baseline Group and all of its potential Exceptions duing the review process is coming soon.
Part 5a: Activate Endpoints
Completes Finalization and signals Senteon Agent(s) to begin implementing the Target Configuration Set.
Part 5b: Delay Activation
Completes Finalization but instead sets Agent(s) to Activation Pending. This will give you the opportunity to stage your desired security configurations without Senteon implementing, monitoring, or enforcing the Target Configuration Set until you are ready. This may be useful for change management processes.
Once you are ready to commit to the changes, follow the steps below to activate the Agents/Endpoints.
1) Navigate to Tenants > <Tenant Name> > Finalization
2) Select one or more Groups with pending Endpoints and click the Activate button.
Next Steps
Guided setup is now complete and your Endpoints are being managed by Senteon. In order to effectively administer Senteon, please review the documentation for managing your Tenants in Tenant/Endpoint Management.