About Endpoint Detection and Response with SentinelOne

LogMeIn Resolve can be integrated with SentinelOne's Endpoint Detection and Response (EDR) solution to enhance your security, simplify threat management, and boost operational efficiency.

It identifies and monitors threats such as viruses, malware, and ransomware on your remote devices, or endpoints, and facilitates immediate remedial actions, such as isolating devices on your network. EDR also evaluates threat behavior over time, recognizing abnormalities and potential security breaches. The system provides comprehensive logs on managing identified threats, enabling root cause analysis.

As a LogMeIn Resolve agent, it only takes a few clicks to turn your remote devices into EDR devices. All you have to do is deploy the latest SentinelOne agent directly from LogMeIn Resolve on devices that, in turn, start communicating with your SentinelOne account.

Remember: You must have a LogMeIn Resolve Premium or MSP plan to use the SentinelOne integration.

Integrate SentinelOne to LogMeIn Resolve

Before you can retrieve endpoint detection results from SentinelOne, you need to link your SentinelOne and LogMeIn Resolve accounts.

Every user who wants to track EDR threats in LogMeIn Resolve must follow these steps to make the integration work.

Sign in to your SentinelOne Management Console as an administrator.
Select your user name in the top-right corner, and then choose My Profile.

Note: In the classic SentinelOne Management Console, the profile menu is labeled as My User.
Select Actions > API Token Operations > Generate API token. If you already have an API token or your token has expired, select Regenerate API token.

Note: The API token is a secret key that allows you to authenticate with the SentinelOne API. Keep this token secure and do not share it with others.

Remember: Every generated API token has an expiry date. Renew your token before it expires to keep the integration working.
Copy the displayed API token to your clipboard.
Sign in to the Console at http://console.gotoresolve.com.
In the Console, go to the Integrations page.
Select Learn more under SentinelOne.
Paste your API token on the left.
Paste your SentinelOne console URL, which is the domain where you access your SentinelOne account. For example, https://usea1-300-nfr.sentinelone.net
Select Connect SentinelOne.

Results: You are taken to the Devices > EDR page in the Console.

View a device's EDR details and threats

The Console provides an overview of all your detected threats and allows you to drill down to the details of how those were discovered and mitigated.

Information on the EDR threats page is collected from your SentinelOne account. This page provides a quick overview of your EDR threats and lists all threats on your devices.

Getting an overview

At the top of the EDR threats page, antivirus issues are grouped as follows:

Mitigation status: Shows the number of resolved and active threats, as well as Benign issues that do not require your attention.
Severity status: Displays the number of threats based on their severity.
Threats by type: Displays the number of threats based on their type or class.

Listing threats

Under the threat overview, the EDR threats page lists all available threats and their basic details. The following information is available:

Threat details: The name of the threat, usually a file on a remote device or a Windows service. It often includes the threat's classification.
Severity: The urgency level to address a threat, ranging from Low to Critical.
Confidence level: Indicates how certain SentinelOne is about the detected activity or alert being genuinely Malicious. Threats with low confidence are labeled as Suspicious.
Mitigation status: Displays whether the threat has been removed from the device.
Endpoint: The name of the affected device. Select its name to view the device's protection status on the Device EDR insights page.
Note: The endpoint may not be managed in LogMeIn Resolve, but it is protected by SentinelOne.
Detected: Date and time when the threat was reported on the device.
Alert status: Displays whether the threat alert is New or Resolved.
Analytics verdict: Shows the threat's identification category based on SentinelOne's analysis. Common categories include the following:
- True positive: A threat has been identified, and appropriate actions have been taken to reduce risks.
- False positive: The system incorrectly marked a file or activity as a threat.
- Undefined: The system could not classify the threat and no actions were taken to remove it from the device.
Assignee: The agent responsible for handling the threat.
Classification: The type of threat on the device. Here are the most common types:
- Malware: Software meant to harm or gain unauthorized access to a device.
- Ransomware: Software that encrypts data on a device, making it inaccessible without paying a "ransom".
- Trojan: Software that can steal passwords, record keystrokes, or harm files.
- PUA: A potentially unwanted application that can slow down a device, show unexpected ads, or install unwanted software.
- Worm: Malware that can replicate itself and spread through a network by exploiting security weaknesses.
For more details on threat types, visit SentinelOne's website.

Filter threats

You can filter threats by date or a specific attribute. By default, you can view threats from the last three months. To change the timeframe, choose a period from the Select time drop-down list in the top right.

To filter by an attribute, select Add filters above the list of threats and choose the appropriate values from the side panel on the right. Then select Apply filters to update the threats list.

View device details

You can check the details of a device protected by EDR to get detailed information on that device. On the Devices > EDR page, select a device in the Endpoint column to open the Device EDR insights page.

Tip: This page shows data from the Agent Management > Endpoints page in SentinelOne. For detailed information on the individual attributes and values, see SentinelOne's website.

Device details are shown on the following tabs:

EDR overview tab

Displays general device information in these sections:

Asset properties: Provides hardware and network information on the device.
Other properties: Lists OS type and other device specifics.

EDR alerts tab

Lists threats on a specific device. You can sort and filter threats using the drop-down lists at the top of the page. Select a threat name to see its details on the Threat details page.

EDR health tab

Displays device health information in these sections:

Health Indicators: Provides antivirus health details of the device.
Agent Properties: Displays SentinelOne agent details, such as version.

Remember: You can only manage the EDR settings of devices in SentinelOne. Select Show in SentinelOne on the left to see device details on the Inventory page in the SentinelOne console.

View threat details

On the Devices > EDR page, select a threat in the Threat details column to open the Threat name page.

The Threat overview panel on the left displays the severity, classification, mitigation status, and date of the reported threat. It also lists mitigation actions taken to eliminate the threat.

Detailed threat information is displayed on the right in these tabs:

Properties tab

Displays basic threat properties in the following sections:

File Properties: Name, size, and publisher of the infected file.
Detection Details: Information on how and when the threat was discovered.
Target Asset: Details of the infected device.

Indicators tab

Displays the reasons for flagging a file or service as a threat.

History tab

Displays the detailed mitigation history of the threat.

View the EDR protection status of your devices

The Devices page provides an overview of your devices' protection status against EDR threats. It helps you identify devices where the SentinelOne agent has not been deployed yet.

In the Console, go to the Devices page.
Choose EDR view from the Focus view drop-down list in the top right.
Search for a device and see its protection status in the EDR protection column.
For easier navigation, you can sort devices by their EDR protection status. A device can have one of the following statuses:
- Downloading: The SentinelOne agent has started downloading to the selected device.
- Installing: The SentinelOne agent is currently being installed on the selected device.
- Installed: The SentinelOne agent has been installed on the device.
- Partially installed: The SentinelOne agent has been installed, but manual interaction like restarting the device is required to complete the installation.
- Failed: Installation of the SentinelOne agent started on the device but failed to complete.
- If you don't see any of the above, the SentinelOne agent is not installed on the device.

What to do next: From the Devices page, you can also navigate to the EDR details and EDR threats of a device. To do this, select a device by its checkbox then, under Other actions, choose EDR management. Select Open EDR details to view the EDR information on the selected device, or Open EDR threats to see the EDR threats of all your devices. These options are only available on devices where the SentinelOne agent has been successfully installed.

Deploy the SentinelOne agent on your LogMeIn Resolve devices

Before you can view and manage a LogMeIn Resolve device's EDR threats in the LogMeIn Resolve Console, you must deploy the SentinelOne agent. This makes the device available in your SentinelOne account as well as in LogMeIn Resolve.

You can physically go to a remote device and then download and install the SentinelOne agent, but with LogMeIn Resolve, you can do that from anywhere in the world.

Note: Installing the SentinelOne agent on Mac devices from LogMeIn Resolve is not supported.

On the Devices page of the Console, select EDR view as a focus view to see SentinelOne-related information.
The EDR protection column displays the current status of the SentinelOne agent on each device.
Select the devices where you want to deploy the SentinelOne agent.
The Manage selected device dialog opens on the right.
Under Other actions, choose EDR management > Install on selected devices.
This option is only available on devices without the SentinelOne agent installed.
Result: The installation starts and you can monitor its progress in the EDR protection column.
Select the SentinelOne account and site to which you want to link your LogMeIn Resolve devices.
Optionally, select a SentinelOne group to which you want to add your device.
Select Install EDR protection in the bottom right.
Type your zero trust signature key and select Proceed.

Mitigate EDR threats

Agents can reduce EDR threats without going to the SentinelOne console.

In LogMeIn Resolve, go to the Devices > EDR page, and choose a threat in the Threat details column.
Previous actions taken are displayed on the Threat overview panel.
Select Take action in the top right.
Select what action you want to take against the threat. Not all actions are available for every threat.
- Kill: Stops all processes related to the threat.
- Quarantine: Encrypts and moves the file to a secure location.
- Remediate: Deletes all files and system changes made by the threat.
- Roll back: Reverts the device to a previously saved Windows VSS snapshot, reversing the changes made by the threat.
- Add to blocklist: Adds the file to a blocklist for automatic quarantine in the future.
- Disconnect: Manually disconnects the device from the internet. The device will remain offline until restarted.
These actions are also available in the SentinelOne console.
Select Mitigate to execute the selected action.

Frequently Asked Questions

I have added a new category in SentinelOne. Why can't I see it in LogMeIn Resolve?: Any attribute that you add in SentinelOne is automatically synchronized with LogMeIn Resolve. If you don't see a particular attribute, such as a new threat category, refresh the page by selecting Reload the page in the top right.
How does LogMeIn Resolve categorize threats?: LogMeIn Resolve only reads information from SentinelOne. Threat categories, and essentially all other data, are defined by SentinelOne.
How do I mitigate EDR threats in LogMeIn Resolve?: In LogMeIn Resolve, you can manage EDR threats on the Devices > Updates page. Select a threat and then take the necessary action as described in Mitigate EDR threats.
Can I install the SentinelOne agent on a device from LogMeIn Resolve?: Yes, you can install the agent on Windows devices. See Deploy the SentinelOne agent on your LogMeIn Resolve devices.

Article last updated: 25 June, 2025