The SentinelOne management console offers many criteria for creating a Filter Set, which can then be used to create a dynamic group. One criterion that has not been available in the past is a CIDR range. This ability is now available with Central Park.
The most common use case is a customer who wants to specify a policy for a given IP range (CIDR block). We have one customer that wanted all devices in 172.16.10.0-127 in one group, and the servers in 172.16.10.128-255 in a different group.
To perform this configuration, simply:
- Create a filter based on your desired CIDR range
- Save the filter set
- Create a new policy based on this filter set
Below is a screenshot of the first CIDR filtering example.
Another customer wanted to create a filter to add the VDI machines on 4 different /23 subnets to the ‘VDI Endpoints’ group:
10.160.250.0 – 10.160.251.254
10.163.250.0 – 10.163.251.254
10.150.250.0 – 10.150.251.254
10.153.250.0 – 10.153.251.254
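As an added example (not SentinelOne code and not part of the original post), the Python script below checks offline which CIDR blocks correspond to the ranges quoted above before they are entered as filters. The group names "Workstations" and "Servers" and the sample endpoint addresses are assumptions; because a range ending in .254 is not itself a single /23, the script reports the covering block rather than an exact split.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Minimal list of CIDR blocks that cover first..last exactly."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return [str(n) for n in ipaddress.summarize_address_range(lo, hi)]

def covering_cidr(first, last):
    """Smallest single CIDR block containing first..last.
    May include extra addresses, e.g. the .255 broadcast address of a /23."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    net = ipaddress.ip_network(f"{lo}/32")
    while hi not in net:
        net = net.supernet()
    return str(net)

# Ranges as quoted in the post. "VDI Endpoints" is the post's group name;
# "Workstations" and "Servers" are hypothetical names for the other two groups.
RANGES = {
    "Workstations": [("172.16.10.0", "172.16.10.127")],
    "Servers": [("172.16.10.128", "172.16.10.255")],
    "VDI Endpoints": [
        ("10.160.250.0", "10.160.251.254"),
        ("10.163.250.0", "10.163.251.254"),
        ("10.150.250.0", "10.150.251.254"),
        ("10.153.250.0", "10.153.251.254"),
    ],
}

# One covering CIDR block per quoted range, grouped by target group.
FILTERS = {
    group: [ipaddress.ip_network(covering_cidr(a, b)) for a, b in spans]
    for group, spans in RANGES.items()
}

def classify(ip, filters=FILTERS):
    """Return the group whose CIDR filter matches ip, or None if none does."""
    addr = ipaddress.ip_address(ip)
    for group, nets in filters.items():
        if any(addr in net for net in nets):
            return group
    return None

if __name__ == "__main__":
    for group, nets in FILTERS.items():
        print(group, [str(n) for n in nets])
    # Constructed sample endpoint addresses, not taken from the post.
    for ip in ("172.16.10.42", "172.16.10.200", "10.163.251.9", "10.160.252.1"):
        print(ip, "->", classify(ip))
```

Running it shows each half of 172.16.10.0/24 as a /25 and each VDI range as a single /23, and that an address outside all six blocks matches no group.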
This enhancement makes applying policies much more robust and dynamic. There are many other improvements included in this release, such as enhanced AD integration, watch lists that allow you to implement FIM (File Integrity Monitoring), and analyze view improvements. Ready for a test drive? A stronger security posture can be easy to implement and manage. Let us show you today.
*** This is a Security Bloggers Network syndicated blog from SentinelOne authored by Gary Mello. Read the original post at: https://www.sentinelone.com/blog/central-park-feature-glance-cidr-filtering/