r/SentinelOneXDR

▲ 15 · r/SentinelOneXDR (+1 crosspost)

Big launch today that we wanted to bring straight to this community. We’re introducing SentinelOne's Wayfinder Frontier AI Services, starting with Anthropic’s Claude Security.

In the era of frontier AI models, the question isn't what vulnerabilities exist. It's what an adversary can actually chain together to exploit today. That's the question this service is built to solve for.

What it is

A new offering in the Wayfinder portfolio (alongside Threat Hunting, MDR Essentials, MDR Elite, and IR&R). It pairs Claude Security with our most seasoned offensive and defensive experts, working continuously across your full attack surface.

What it actually does

  • AI-accelerated discovery. Frontier models + our offensive security team finding previously undisclosed vulns and exposures in code. Built specifically for complex paths — supply chain, code injection, non-linear chains, OWASP Top 10, zero-days.
  • Exploitability-grounded prioritization. Findings evaluated against your actual environmental context. Not "here's a CVE list sorted by CVSS" — here's what's actually exploitable in your environment, prioritized.
  • Exploitation-chain disruption. Maps how exposures connect into end-to-end attack paths, then recommends where to break the chain — architectural changes, config hardening, identity controls, Singularity Platform enforcement. The point is to break it where it costs the adversary the most, not where it's easiest to patch.
  • Continuous coverage. Endpoint, cloud, identity, data, AI surfaces. Posture stays current as your environment and the threat landscape evolve.
  • Wired into the rest of Wayfinder. Findings and mitigations add context to Threat Hunting, MDR, and IR&R so exposure intel becomes operational defense, not a doc that sits in a SharePoint or Confluence.

Why we built it this way

Frontier AI on the adversary side is shrinking the time between "vuln disclosed" and "vuln weaponized" — and the defender side has to stay ahead of that with both better discovery and better judgment about what matters.

We wanted to deliver decisions, not longer lists. That's why this is humans + frontier model in the same loop, not a model that hands a report to a human.

Multi-model, on purpose

Worth saying out loud: the service runs on Claude today, and the architecture is built to incorporate frontier models from our lab partners and the research models our applied security teams use. The advantage belongs to defenders who can orchestrate the right intelligence for each task and validate every output with human judgment.

Receipts

For folks who want the operational track record this is built on — over the past quarter the SentinelOne Singularity Platform autonomously blocked zero-day and supply-chain attacks against LiteLLM, Axios, and CPU-Z. Wayfinder Frontier AI Services pushes that same operating model further left in the lifecycle.

Frontier model. Frontier operators. Real threats, stopped before they become attacks.

Full announcement: s1.ai/Claude-WF

u/bscottrosen21 — 14 days ago

I know I must be doing something wrong as far as agent updates go. Every time I see a new major version of the agents, I create a new update policy, which seems silly. Is there some way to automate this? Should I be updating more frequently?

u/Zealousideal-Bit1689 — 9 days ago

My dev team has been complaining that SentinelOne is blocking their legit Claude Code workflows. No one in IT uses Claude Code, but we know S1 has blocked malicious Claude Code attempts in the past (from their blog, not in our env).

Now devs want exclusions and I’m trying to figure out how to do this, because broadly excluding Claude feels wrong.

How are others handling this? Feels like there’s no clean answer here, just tradeoffs.

u/Apartheid20 — 8 days ago

SentinelOne Messing Up with Riot Vanguard (Valorant)

Hi guys. Just got employed by a company that uses SentinelOne and YunShu. Just now, I can't play Valorant with my friends because of Riot Vanguard issues, and the only things installed recently are those two.

Is there a way around this? Or is the only way to contact the IT department to exclude Valorant and Riot Vanguard paths?

PS: No, this is not a work desktop/laptop that the company provided. It's a personal desktop.

u/jahorro — 4 days ago

Endpoint name is now showing base64 characters

This just started today, but we have endpoints now that are showing up as base64 characters, and they don't even decode to the name of the endpoint either. Just wondering if anyone else is experiencing this in their visibility queries?

u/Positive-Sir-3789 — 3 days ago
▲ 2 · r/SentinelOneXDR (+1 crosspost)

A lot of people are having issues with PiKVM being detected by CrowdStrike or other monitoring applications.

I went through everything and found a way to bypass that detection. Feel free to DM me if you are also facing the same issue.

u/Prestigious-Win1062 — 23 hours ago

Repeated kill notifications for mitigated, resolved item on exclusion list

I got an alert around 4:00 AM this morning about an active threat on one of our endpoints which S1 killed successfully. After investigation, the threat turned out to be a false positive, so I marked it as such (False Positive/Benign in Singularity). I also added the hashes to our exclusion list because it's a software auto-updater we need to run on our endpoints.

Since then, I've gotten 40 notifications about the process being successfully killed. The auto-updater process S1 flagged has now successfully run on this endpoint, so I'm not sure what's happening here. Is it still actively trying to kill the process when it runs even though I've marked it false/benign/resolved/excluded or is this just a weird glitch? In the alert details, the Mitigation tab shows "KILL 40/40 SUCCESS, 40 out of 40 actions completed successfully in under 46491479ms"

u/TheCarnundrum — 1 day ago