Central Park Feature Glance – CIDR Filtering

The SentinelOne management console offers many ways to specify criteria for a Filter Set, which can then be used to create a dynamic group. One criterion that has not been available in the past is a CIDR range. This ability is now available with Central Park.

The most common use case is that customers would like to specify a policy for a given IP range (CIDR block). We have one customer that wanted all devices in 172.16.10.0-127 in one group, and the servers in 172.16.10.128-255 in a different group.

To perform this configuration, simply:

  1. Create a filter based off your desired CIDR range
  2. Save the filter set
  3. Create a new policy based off this filter set

Below is a screenshot of the first CIDR filtering example.

Another customer wanted to create a filter to add the VDI machines on 4 different /23 subnets to the ‘VDI Endpoints’ group:

  10.160.250.0 – 10.160.251.254
  10.163.250.0 – 10.163.251.254
  10.150.250.0 – 10.150.251.254
  10.153.250.0 – 10.153.251.254
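
The following Python is an added example, not SentinelOne code or part of the original post. It converts the ranges quoted above into the CIDR blocks you would enter as filters and rejects any overlap between groups before a policy is attached. The group names `devices` and `servers` are hypothetical; the ranges and 'VDI Endpoints' come from the post.

```python
import ipaddress

# Ranges as written in the post. "devices" and "servers" are hypothetical
# group names; 'VDI Endpoints' is the group named in the post.
RANGES = {
    "devices": [("172.16.10.0", "172.16.10.127")],
    "servers": [("172.16.10.128", "172.16.10.255")],
    "VDI Endpoints": [
        ("10.160.250.0", "10.160.251.254"),
        ("10.163.250.0", "10.163.251.254"),
        ("10.150.250.0", "10.150.251.254"),
        ("10.153.250.0", "10.153.251.254"),
    ],
}

def exact_cidrs(first, last):
    """Minimal list of CIDR blocks covering first..last and nothing else."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def enclosing_cidr(first, last):
    """Smallest single CIDR block that contains both first and last."""
    a, b = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
    prefix = 32 - (a ^ b).bit_length()  # shared leading bits of both ends
    return ipaddress.ip_network(f"{first}/{prefix}", strict=False)

def build_filters(ranges):
    """Map each group to one enclosing CIDR per range; reject overlaps."""
    filters = {g: [enclosing_cidr(*r) for r in rs] for g, rs in ranges.items()}
    flat = [(g, n) for g, nets in filters.items() for n in nets]
    for i, (g1, n1) in enumerate(flat):
        for g2, n2 in flat[i + 1:]:
            if g1 != g2 and n1.overlaps(n2):
                raise ValueError(f"{n1} ({g1}) overlaps {n2} ({g2})")
    return filters

def group_for(ip, filters):
    """Return the group whose CIDR filter matches ip, or None."""
    addr = ipaddress.ip_address(ip)
    for group, nets in filters.items():
        if any(addr in n for n in nets):
            return group
    return None

if __name__ == "__main__":
    for group, nets in build_filters(RANGES).items():
        print(group, [str(n) for n in nets])
```

The VDI ranges as written stop at .254, so `exact_cidrs` needs nine blocks for each of them, while the single /23 that the post names (returned by `enclosing_cidr`) also includes the .255 broadcast address.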

Summary

This enhancement now makes applying policies much more robust and dynamic. There are many other improvements included in this release, like enhanced AD integration, watch lists that allow you to implement FIM (File Integrity Monitoring), and Analyze view improvements. Ready for a test drive? A stronger security posture can be easy to implement and manage. Let us show you today.

The post Central Park Feature Glance – CIDR Filtering appeared first on SentinelOne.



*** This is a Security Bloggers Network syndicated blog from SentinelOne authored by Gary Mello. Read the original post at: https://www.sentinelone.com/blog/central-park-feature-glance-cidr-filtering/