Compare your Active Endpoints in Red Canary to SentinelOne
- 15 Jul 2024
- 2 Minutes to read
- PDF
Compare your Active Endpoints in Red Canary to SentinelOne
- Updated on 15 Jul 2024
- 2 Minutes to read
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Sensor performance, network communication issues, endpoint performance, or network communication issues can affect whether your Red Canary endpoint count and SentinelOne endpoint count match up. It may also be possible, however unlikely, that there is some type of communication issue between the SentinelOne Server and Red Canary. It’s always a good idea to check these numbers to ensure that Red Canary is receiving telemetry from the number of endpoints you expect from SentinelOne.
Note: SentinelOne no longer supports Windows OS 2003, 2008, and Windows 7 on their premier sensor. These operating sensors can no longer send telemetry to Red Canary. We advise that you upgrade your operating system to one that supports your premier sensor.
If upgrading or migrating to a new operating system is not immediately available, we recommend you decommission the endpoint within Red Canary. Learn more about how to Decommission Endpoints.
View active endpoints in Red Canary
View a sum total of your active endpoints that have checked in to Red Canary. You’ll use this number to compare to the number of endpoints being monitored in SentinelOne.
In your Red Canary, click Endpoints.
Click into the Endpoint Inventory filter bar, and then enter last_checkin_time:.
.png?sv=2022-11-02&spr=https&st=2024-09-20T14%3A28%3A40Z&se=2024-09-20T14%3A38%3A40Z&sr=c&sp=r&sig=z6zHQjQPKoJZWr6e%2BhPWGXhZX14UBl%2BWbz8aspU335U%3D)
.png?sv=2022-11-02&spr=https&st=2024-09-20T14%3A28%3A40Z&se=2024-09-20T14%3A38%3A40Z&sr=c&sp=r&sig=z6zHQjQPKoJZWr6e%2BhPWGXhZX14UBl%2BWbz8aspU335U%3D)
This gives you the number of endpoints that have checked in with Red Canary so far today. Note that the Last Check In Time is in UTC when comparing your results to SentinelOne.
View active endpoints in SentinelOne
Compare your active endpoints in Red Canary to the number SentinelOne is currently monitoring.
Navigate to your SentinelOne dashboard.
Click Sentinels.
Click the Endpoints tab.
Click in the Select filters field, and then click View more filters.
Select Connected to Management.
Click Back to filters.
A new Connected to Management column displays with metrics for Yes and No. The Yes metric shows you the number of endpoints considered Connected to Management and actively checking in with the SentinelOne server. This is the number to compare to Red Canary.
Troubleshooting
If you notice a large disparity between the number of active endpoints in Red Canary versus SentinelOne, take a look at the endpoints themselves in SentinelOne. Here are a few things to look for when reviewing your endpoints:
Is the endpoint online?
Is the Red Canary sensor running on the endpoint?
Is the Red Canary sensor communicating with SentinelOne?
If you discover that a sensor isn’t communicating with or isn’t connected to SentinelOne, review SentinelOne’s help documentation. To access the help documentation, log in to SentinelOne, click the question mark icon, and then select Help. If you require Red Canary assistance, please submit a request with Red Canary Support.
Was this article helpful?
