Overview
This section describes the concepts and systems that Senteon uses to manage security-related settings on your Endpoints.
Below you can find details regarding how to complete the setup of your fleet of Endpoints from start to finish, the settings/configurations Senteon manages, how a Senteon user should expect to organize and manage their fleet of endpoints, and what healthy activity looks like.
Configuration Sets
Configuration Sets are groups of settings and their recommended values defined by Senteon as relevant to ensuring a strong security posture. Without Senteon, these settings would typically be managed and controlled using local/Domain Group Policy or the Windows Registry.
There are two (2) types of Configuration Sets:
| Type | Description |
|---|---|
| Recommended Configuration Set | A set of recommended security-related settings/values based on industry best-practice guidelines for a type of endpoint |
| Target Configuration Set | The baseline of settings/values that Senteon actually uses for implementation and for monitoring/alerting. It is derived from a Recommended Configuration Set and reflects any modifications/exceptions. Each Baseline Group, Exception Group and Endpoint is associated with exactly one Target Configuration Set |
Recommended Configuration Sets are derived from various industry-recognized benchmarks such as:
- Center for Internet Security (CIS) Benchmarks
- Defense Information Systems Agency's Security Technical Implementation Guides (DISA STIGs)
- Microsoft's Security Configuration Framework (SCF)
Senteon provides a Recommended Configuration Set for each type of supported "Endpoint Profile":
- Windows 10 Standalone
- Windows 10 Domain Member
Setting Information
Senteon provides a variety of information about the Senteon-supported settings to help educate and inform Senteon Users. Each setting can be viewed to see the following:
| Data | Description |
|---|---|
| GPO Path | The path of the setting in Windows local Group Policy |
| Details | Description of the setting and any additional information |
| System Data | The backing system data (registry, auditpol, etc.) associated with the setting |
| GPO Recommendations | The default and recommended Group Policy values for the setting |
Note: Settings derived from CIS Benchmarks and DISA STIGs have additional information in "Details", such as Rationale, Impact, and Default Behavior.
Setting Types
There are three different types of settings that can appear within Senteon. They are the following:
| Setting Type | Description |
|---|---|
| Standard | These are standard settings that Senteon manages. Each one is set distinctly and separately from any other setting. |
| Variable Compliance | These settings have two possible states based on the presence or absence of a service/feature on an endpoint. When the feature/service is present, the recommended and/or acceptable options for the setting are different. |
| Grouped | These settings are bound together to handle dependencies/interactions between them. Examples include firewall settings and account lockout policies. |
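The following PowerShell script is an added example, not Senteon code. It shows what "System Data" means in practice by reading the registry and account-policy data behind one setting of each Setting Type and judging it against the GPO recommendation. The registry paths, value names and CIS target values are real Windows policy locations; the "only matters if the WinRM service is present" rule used for the Variable Compliance case is an illustrative assumption, not a Senteon rule. It is read-only and runs in Windows PowerShell 5.1 or later without elevation.

```powershell
# Added example, not Senteon code: one check per Setting Type, reading the
# System Data (registry / account policy) that backs each setting and judging
# it against the GPO recommendation. Registry paths, value names and CIS targets
# are real Windows policy locations; the "service present" rule used for the
# Variable Compliance case is an illustrative assumption, not Senteon's rule.
# Read-only; runs in Windows PowerShell 5.1 or later without elevation.

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # $null means the policy value is absent, i.e. the setting is Not Configured
    # and the OS default applies.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Show-Option($Value) {
    if ($null -eq $Value) { 'Not Configured' } else { "$Value" }
}

function Test-StandardSetting {
    # Standard: a single value compared with its own target, nothing else.
    # CIS: "Interactive logon: Do not display last user name" = Enabled (1)
    $cur = Get-RegDword 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'DontDisplayLastUserName'
    $status = if ($cur -eq 1) { 'Healthy' } else { 'Drifted' }
    [pscustomobject]@{ Type='Standard'; Setting='Interactive logon: Do not display last user name'
                       Current=(Show-Option $cur); Target='1'; Status=$status; Detail='' }
}

function Test-VariableComplianceSetting {
    # Variable Compliance (illustrative rule): "Allow Basic authentication" for
    # the WinRM service only matters when the WinRM service is present. If it
    # is, the target is Disabled (0); if not, any value is acceptable.
    $svc = Get-Service -Name WinRM -ErrorAction SilentlyContinue
    $cur = Get-RegDword 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service' 'AllowBasic'
    if ($svc) {
        $target = '0 (service present)'
        $status = if ($cur -eq 0) { 'Healthy' } else { 'Drifted' }
    } else {
        $target = 'Any (service absent)'
        $status = 'Healthy'
    }
    [pscustomobject]@{ Type='Variable Compliance'; Setting='WinRM Service: Allow Basic authentication'
                       Current=(Show-Option $cur); Target=$target; Status=$status; Detail='' }
}

function ConvertTo-Minutes($Text) {
    # net accounts prints a word such as "Never" instead of a number for "no limit"
    if ($Text -match '^\d+$') { [int]$Text } else { [int]::MaxValue }
}

function Test-GroupedLockoutPolicy {
    # Grouped: threshold, duration and observation window only make sense
    # together, so one verdict covers the trio. CIS targets: threshold 1-5,
    # duration >= 15 min, window >= 15 min; Windows additionally requires
    # duration >= window, so a value that is fine alone can still break the group.
    $acct = @{}
    net accounts | ForEach-Object {
        if ($_ -match '^(.+?):\s+(.+)$') { $acct[$Matches[1].Trim()] = $Matches[2].Trim() }
    }
    $threshold = $acct['Lockout threshold']
    $duration  = ConvertTo-Minutes $acct['Lockout duration (minutes)']
    $window    = ConvertTo-Minutes $acct['Lockout observation window (minutes)']
    $problems  = @()
    if ($threshold -notmatch '^\d+$' -or [int]$threshold -eq 0) { $problems += 'lockout disabled (threshold Never)' }
    elseif ([int]$threshold -gt 5) { $problems += "threshold $threshold > 5" }
    if ($duration -lt 15) { $problems += "duration $duration < 15" }
    if ($window -lt 15)   { $problems += "observation window $window < 15" }
    if ($duration -lt $window) { $problems += 'duration shorter than observation window' }
    $status = if ($problems.Count -eq 0) { 'Healthy' } else { 'Drifted' }
    [pscustomobject]@{ Type='Grouped'; Setting='Account Lockout Policy'
                       Current="threshold=$threshold duration=$duration window=$window"
                       Target='1-5 / >=15 / >=15'; Status=$status; Detail=($problems -join '; ') }
}

@((Test-StandardSetting), (Test-VariableComplianceSetting), (Test-GroupedLockoutPolicy)) | Format-Table -AutoSize
```

Two caveats when reading System Data this way. A policy value that is absent under the Policies keys means the setting is Not Configured and the OS default is in effect, which may or may not equal the recommended value; that is why the GPO Recommendations data lists both the default and the recommended value. On a Windows 10 Domain Member, domain Group Policy is re-applied at every policy refresh and will overwrite local changes, so the Target Configuration Set and the domain GPOs have to agree or the endpoint will appear to drift repeatedly.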
Configuration Set Updates
When new hardening guides/benchmarks are released, they often contain new security settings and/or updated recommendations. Sometimes these new recommendations involve a change to an already managed setting or turning on a new, potentially disruptive setting. Senteon is also constantly working to add new configurations and settings that are deemed relevant or important to be monitored.
In order to take advantage of the newest recommendations without causing disruption to your current managed Endpoints, you need to update your Groups when a new version of Senteon is released that contains benchmark changes. For instructions on how to do so please refer to updating.
Endpoint/Fleet Management
Senteon Users can observe and manage their fleet of Endpoints in the Tenant console. When Senteon Agent is installed on an Endpoint, it will register itself and appear in Command Center under the relevant Tenant.
The Endpoints page lists all Endpoints grouped by Endpoint Profile; the list can be filtered from the drop-down menu at the top right of the table.
Location: Tenants > <Tenant Name> > Endpoints
The main Endpoints page displays the following information by default:
| Field | Description |
|---|---|
| Hostname | The hostname of the Endpoint |
| Agent Status | The current status of the Senteon Agent on the Endpoint. The possible statuses are listed in the Agent Statuses section below |
| Group | The current Baseline Group/Exception that the Endpoint is associated with |
| Evaluation | The current evaluation status of the Endpoint |
| Labels | Associated Endpoint Labels |
Other fields that can be added to the Endpoints table include:
| Field | Description |
|---|---|
| IPv4 | The IPv4 Address(es) of the Endpoint |
| MAC Address | The MAC Address(es) of the Endpoint |
| Config Status | The current status of the Endpoint's managed security settings: Healthy (all settings match their Target Values) or Drifted (one or more settings have drifted from their Target Value) |
| Connection Status | The current connection status of the Endpoint's agent. This will display offline if the agent missed its last check-in with Senteon's server |
| Last Connection Time | The last check-in that the server received from this endpoint's agent |
| Agent Version | The current version of the agent on this endpoint |
Endpoint Information
On the main Endpoints page, the See Info button next to each Endpoint can be clicked to display in-depth information.
A window will open and display the following set of information specific to the Endpoint:
| Field | Description |
|---|---|
| Hostname | The hostname of the Endpoint |
| IPv4 | The IPv4 Address(es) of the Endpoint |
| Domain | The Fully Qualified Domain Name (FQDN) of the Endpoint if applicable |
| MAC Address | The MAC Address(es) of the Endpoint |
| CPU Info | Information about the Endpoint's CPU |
| BIOS Info | Information about the Endpoint's BIOS |
| Baseline Group | The Baseline Group/Exception that the Endpoint is associated with |
| Labels | Associated Endpoint Labels |
| Connection Status | Displays whether the Endpoint is online or offline based on the last time it checked in (the agent checks in every 5 minutes) |
| Endpoint Config Status | The current status of the Endpoint's managed security settings: Healthy (all settings match their Target Values) or Drifted (one or more settings have drifted from their Target Values) |
| Operating System | The operating system of the Endpoint |
| OS Version | The operating system version of the Endpoint |
| Install Date | The date/time when the Senteon Agent was installed |
| Last Check-in Time | The last time the endpoint checked in with Senteon's App Server. A long period without a check-in may be an indicator that the Endpoint is currently experiencing issues. |
| Agent Version | The current version of the installed Senteon Agent. Agents should automatically update themselves, so an outdated Agent may be an indicator of an issue with the Endpoint |
| Evaluation Result Data | This sub-page contains all of the evaluation data gathered during the Endpoint's Evaluation period and is available for review |
| Configuration Set Table | This table displays the settings/options of the Endpoint's Target Configuration Set, the current operating option, and changelog/history of the setting over time. |
| Alerts | This section displays summaries for the 20 most recent alerts for the Endpoint |
Setting History
Upon evaluation/setup, Senteon Agent keeps track of the changes to each setting over time. Any time the target or current option changes, an entry is made in the setting's log.
Possible Events
- Setting History Feature Added
- Target Option Changed
- Setting Reconfigured
- Current Option Discovered
- Current Option Drifted
- Current Option Changed
- Current Option Reverted
- Requested Reconfiguration
- Requested Disable
- Requested Reset
- Requested Enable
- Requested Activation
Possible Context/Details
- Group Reassignment
- Group Modification
- Target Option Realignment
- Automatic Drift Realignment
- Manual Drift Realignment
- Evaluation Scan
- Regular Verification Scan
- Enable Agent
- Disable Agent
- Reset Agent
- Uninstall Agent
- Organization Subscription Inactive
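To make the event and context lists above concrete, here is an added PowerShell example that is not Senteon code: a small model of the Setting History log that replays a constructed scan timeline for a single setting and prints the entries such a log would hold. Which event and context fires on which transition (Discovered on first sight, Drifted versus Reverted depending on whether the new value matches the target, Setting Reconfigured after a target change) is an assumption made for illustration; this page does not document Senteon's exact rules, and the script touches nothing on the endpoint.

```powershell
# Added example, not Senteon code: a small model of the Setting History log.
# A constructed scan timeline for one setting is replayed and the entries such
# a log would hold are produced. The mapping from transitions to the events
# and contexts listed above is an assumption made for illustration; this page
# does not document Senteon's exact rules. Nothing on the endpoint is touched.

$script:target  = 1      # Target Option: DontDisplayLastUserName = Enabled
$script:current = $null  # Current Option is unknown until the first scan
$script:history = New-Object 'System.Collections.Generic.List[object]'

function Add-Entry([string]$EventName, [string]$Context) {
    $script:history.Add([pscustomobject]@{
        Seq = $script:history.Count + 1; Event = $EventName; Context = $Context
        Target = $script:target; Current = $script:current })
}

function Invoke-Scan {
    # Compares the observed value with the last known Current Option and with
    # the Target Option, appends the matching event, and, when the agent is
    # Active, writes the target back (Automatic Drift Realignment).
    param([string]$Context, [int]$Observed, [switch]$AutoRealign)
    if ($null -eq $script:current) {
        $script:current = $Observed
        Add-Entry 'Current Option Discovered' $Context
    } elseif ($Observed -ne $script:current) {
        $script:current = $Observed
        if ($Observed -eq $script:target) { Add-Entry 'Current Option Reverted' $Context }
        else                              { Add-Entry 'Current Option Drifted'  $Context }
    }
    if ($AutoRealign -and $script:current -ne $script:target) {
        $script:current = $script:target   # Set-ItemProperty on a real endpoint
        Add-Entry 'Current Option Reverted' 'Automatic Drift Realignment'
    }
}

function Set-Target([int]$NewTarget, [string]$Context) {
    # A Group Modification or Group Reassignment changes the Target Option;
    # if the endpoint no longer matches, the agent reconfigures it.
    $script:target = $NewTarget
    Add-Entry 'Target Option Changed' $Context
    if ($script:current -ne $script:target) {
        $script:current = $script:target
        Add-Entry 'Setting Reconfigured' 'Target Option Realignment'
    }
}

# Constructed timeline (not real telemetry)
Invoke-Scan -Context 'Evaluation Scan' -Observed 0                         # found Disabled, not yet enforced
Invoke-Scan -Context 'Regular Verification Scan' -Observed 0 -AutoRealign  # agent Active: realign to 1
Invoke-Scan -Context 'Regular Verification Scan' -Observed 0 -AutoRealign  # local admin flipped it back
Set-Target 0 'Group Modification'                                          # target relaxed to Disabled
Invoke-Scan -Context 'Regular Verification Scan' -Observed 0 -AutoRealign  # matches target: no entry
$script:history | Format-Table -AutoSize
```

The point of the model is the distinction a reviewer of a real history needs: a Drifted entry followed by an Automatic Drift Realignment means something on the endpoint keeps changing the value and the agent keeps putting it back, whereas a Target Option Changed followed by Setting Reconfigured is an administrator's change propagating through the group. Repeated Drifted/Reverted pairs on a Domain Member are worth checking against domain Group Policy before blaming the endpoint.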
Agent Statuses
All of the possible statuses that Senteon Agent can report are detailed here:
| Status | Description |
|---|---|
| Activation Pending | The Endpoint has finished Guided Setup but the user has directed Senteon Agent to not apply or monitor the Target Configuration Set yet |
| Active | The Endpoint has been setup and Senteon Agent is actively monitoring for drift from the associated Target Configuration Set |
| Applying Changes | Senteon Agent is applying the configurations to the Endpoint for the first time or adjusting them in response to a Senteon User initiated modification. |
| Disabling | Senteon Agent is in the process of reverting the Senteon-managed settings back to the state they were in prior to Senteon and disabling itself |
| Disabled | Senteon Agent is fully disabled and is not managing/monitoring the Endpoint. Senteon-managed settings are reverted back to the state they were in prior to Senteon |
| Disabled (No License) | Senteon Agent has detected that its Organization does not have a valid license and has disabled itself temporarily. |
| Evaluating | Senteon Agent is currently in the process of evaluating the Endpoint |
| Installing | The Senteon Agent installer has registered the Agent, but the Agent has not yet started. |
| Ready for Evaluation | An Endpoint Profile has been assigned to the Senteon Agent/Endpoint and it is ready to begin Evaluation |
| Ready for Initialization | Evaluation has finished or been skipped, and the Endpoint is ready for Initialization into a Baseline Group |
| Ready for Finalization | Initialization has finished and the Endpoint is ready for final setup. |
| Resetting | Senteon Agent is in the process of reverting the Senteon-managed settings back to the state they were in prior to Senteon and resetting itself |
| Preparing Endpoint | Senteon Agent has started up and is determining its Endpoint Profile. |
| Uninstalled | Senteon Agent has been uninstalled from the Endpoint. It is safe to remove the Endpoint from the Tenant |
| Unsupported Profile | Senteon Agent has been installed onto an Endpoint that is not supported by Senteon |
Endpoint Actions
Depending on the current status of a Senteon Agent/Endpoint, different actions can be performed.
Location: Tenants > <Tenant Name> > Endpoints
All of the possible actions are:
| Action | Relevant Agent Status | Usage |
|---|---|---|
| Info | All | Displays info specific to the Endpoint including its current configuration status, operating system, and a list of applied configurations |
| Enable | Disabled | Reverts the Agent/Endpoint back to the status it had before it was disabled |
| Disable | All except Disabled | Disables the Agent on the Endpoint and reverts the Senteon-managed settings back to the state they were in prior to Senteon. Note: this happens automatically when an Agent is uninstalled |
| Reset | All | Reverts the Senteon-managed settings back to the state they were in prior to Senteon and resets the Agent Status back to Ready for Evaluation |
| Remove | All | Removes the Endpoint from the Tenant |
| Override Profile | Ready for Evaluation, Unsupported Profile | NOT SUPPORTED - Provides the option to override the assigned Endpoint Profile with another |
Modifying Endpoints
Endpoints cannot have Target Configuration Set changes applied to them directly. Instead, choose one of the following options:
- Modify associated Group's Target Config Set
- Create a new Exception and add the Endpoint(s)
- Move Endpoint(s) to existing Group
Baseline Groups
Senteon uses Baseline Groups (aka Baselines) to organize sets of Endpoints and provide the Target Configuration Set that member Endpoints inherit. Each Baseline has exactly one Target Configuration Set, and only Endpoints with the same Endpoint Type/Profile as the Baseline can become a member (e.g. Windows 10 Standalone).
Location: Tenants > <Tenant Name> > Groups
| Type/Tier | Description |
|---|---|
| Baseline Group / Baseline | Primary user-managed group that should be used for organizing different types of Endpoints with the same Endpoint Profile based on their security requirements. Each Baseline Group is associated with exactly one Endpoint Profile. Each Baseline Group has exactly one Target Configuration Set. |
| Exception Group / Exception | User-managed group that should be used when one or more Endpoints in a Baseline Group need slight modifications/exceptions but are still related to the Baseline Group. Each Exception Group is associated with exactly one Baseline Group. Each Exception Group has exactly one Target Configuration Set. |
The Groups page displays the following information:
| Field | Description |
|---|---|
| Baseline | The name of the Baseline Group |
| Exception(s) | The number of Exceptions that the Baseline currently has associated with it |
| Associated Endpoints | The number of Endpoints currently associated with the Baseline and its Exceptions |
Baseline Group Info
Information about a specific Baseline can be accessed by clicking the See Info button next to it.
The following information will be displayed:
- Target Configuration Set
- Associated Endpoints
- Exception(s) and Associated Endpoints (If Applicable)
- Exception Configuration Set(s) (If Applicable)
Note: Exception Configuration Sets will only contain the settings that are configured differently from the Baseline. All other settings will be applied in accordance with the parent Baseline.
Group Management
Senteon Users can create new Groups or modify existing ones in a number of ways that will affect the associated Endpoints.
Location: Tenants > <Tenant Name> > Groups
Required Tenant Permissions: Edit
Creating Baseline Groups
1) Click the Create New Group button
2) Provide a name and description and then decide whether to use the Default Responses (if any have been saved) or proceed through the Primer Questions. Click the Create Baseline button to continue.
3) If you did not choose to use the Default Responses, follow the Primer Question instructions and make a decision for each setting. Additional information on each setting can be found by clicking the blue info icon next to them.
4) Review the drafted Target Configuration Set
5) Make any modifications if you wish and then click the Create Baseline button.
Note: If "Save settings for future groups" is checked, the Baseline Primer choices you made will be saved for that Endpoint Profile. You will be able to use the saved defaults when creating a new Baseline Group under that Endpoint Profile across any of your Tenants. They can be modified at Settings > [Section] Default Decisions.
Creating Exceptions
Exceptions can be manually created under Baseline Groups.
Steps
1) Select the Create Exception action next to the relevant Baseline Group
2) Enter a name and description for the Exception
3) (Optional) Select Endpoints from the Baseline that you want to add to the Exception Group
4) (Optional) Select any settings from the Baseline's Target Config Set that you want to change in the Exception.
5) Click Next to continue to the Creation page
6) (Optional) Make changes to the settings selected from the Baseline's Target Configuration Set by selecting them and clicking the Modify button that appears to the right.
7) Click the Create Exception button
Deleting Exceptions
When an Exception is no longer needed, Senteon Users can merge it back into its parent Baseline Group. Doing so will return the associated Endpoints back to the Baseline Group.
Steps
1) Click View Info next to the relevant Baseline Group
2) Click the Select Exception to Delete action
3) Select the Exception and click Delete Exception
Modifying Groups
Associated Endpoints and Target Config Sets can be modified for an entire Baseline or Exception through the Edit page.
Note: Staged changes will be discarded if you do not click the Apply Changes button.
Moving Endpoints from another Group
1) Navigate to Tenants > <Tenant Name> > Groups and select the Add Endpoints action on the relevant Baseline
2) Choose a Baseline Group that you wish to move Endpoints out of and into the current Group.
3) Select the Endpoints you wish to move and click Apply Changes
Modifying Target Values
1) Navigate to Tenants > <Tenant Name> > Groups and select the Edit action on the relevant Baseline
2) Click the Modify button next to the setting you want to edit.
3) Make adjustments in the window that pops up and select the Save button to stage your changes
4) Click the Apply Changes button at the bottom of the Edit page to save all changes staged to the Baseline and/or its Exceptions.
Removing Settings from Exception
1) Select the setting(s) under the Exception that you would like to remove and click Remove Setting
2) Click the Apply Changes button at the bottom of the page
Adding Settings to Exception
1) Click the Add Setting button
2) Select the settings you would like to add and click the Select Settings button
3) Click the Modify button to edit the Target Value for a setting
4) Click the Apply Changes button at the bottom of the Edit page to save all changes staged to the Baseline and/or its Exceptions.