Kevin BeaumontSentinelOne appears to have downtime woes, an hour in. https://www.reddit.com/r/SentinelOneXDR/comments/1kycnnr/sentinelone_web_portal_down/
HT @CyberLeech
SentinelOne still down, approaching three hours. It doesn’t look like they have an official status page so https://sentinelonestatus.com/ is all ya got.
HypnSentinelOne outage is now almost 6 hours in and impacting customer protection.
Statement from support: "We are aware of ongoing console outages affecting commercial customers globally and are currently restoring services. Customer endpoints are still protected at this time, but managed response services will not have visibility. Threat data reporting is delayed, not lost. Our initial RCA shows an internal automation issue, and not a security incident.”
Managed response services not having access = your outsourced security detection and response has stopped.
SentinelOne say access to consoles has been restored and they are working to validate all services. https://www.sentinelone.com/blog/update-on-may-29-outage/
SentinelOne have been back online for 16 hours.
Overall a good response I thought, they stuck it on the front page of their website. Orgs did lack visibility and MDR coverage during the event, which sucks but hopefully lessons will be learnt.
Fritz Adalis@GossiTheDog
Guess they paid the ransom.
Guess they paid the ransom.
hexagon@GossiTheDog This is why I raised an eyebrow when they dug the heels into CrowdStrike last year. Should have spent the time being a little introspective.
Jon@GossiTheDog I can feel the SolarWinds a-blowin'.
hal8999@GossiTheDog well, and computers that are locked (auto-contained by policy) can't be reset. Because that's a console function.
But, whatever, yeah, they are technically still protected.
vampirdaddy