JumpCloud Community

mlmanka · ‎07-03-2023

So, I was trying to fine a report that will give me list of host with sentinel one application installed no easy way of doing this through the UI. So, here we go. The below script will give you list of windows and macos assets with SentinelOne Agent installed.

#Author Aka Automation Ninja:-)
# Retrieve SystemID for SentinelOne Agent on Windows
$windowsSystems = Get-JCSystemApp -Name "Sentinel Agent" -SystemOS "windows" | Select-Object -Property SystemID

# Retrieve SystemID for SentinelOne Agent on macOS
$macSystems = Get-JCSystemApp -Name "SentinelAgent" -SystemOS "macOS" | Select-Object -Property SystemID

# Combine Macos and Windows SystemID's
$systemIDs = $windowsSystems.SystemID + $macSystems.SystemID

# Retrieve hostnames and serial numbers using SystemIDs and export to CSV
$result = foreach ($systemID in $systemIDs) {
    $systemInfo = Get-JCSystem -SystemID $systemID | Select-Object -Property hostname, serialNumber
    [PSCustomObject]@{
        SystemID     = $systemID
        Hostname     = $systemInfo.hostname
        SerialNumber = $systemInfo.serialNumber
    }
}

# Export the results to CSV
$result | Export-Csv -Path "S1Machines.csv" -NoTypeInformation

This is only for windows and OSX. Let me know if you need to add linux happy to add if needed. Also let me know if you need additional properties added. Respond here if you have any questions. Happy scripting.

jworkman · ‎07-25-2023

Hey this is great, I love seeing the Get-JCSystemApp function put to good use!

mlmanka · ‎07-25-2023

Thanks. Actually improved the script. The pull the devices without sentinelOne and add them to a device group called "No SentinelOne". Note The device groups needs to be created. Didn't add it in the script but if anyone needs it happy to add it. 🙂

# Retrieve all systems with hostname, Serial Number, and _id
$allSystems = Get-JCSystem -returnProperties hostname, serialNumber

# Retrieve all Windows systems with Sentinel One Agent installed
$windowsSystems = Get-JCSystemApp -Name "Sentinel Agent" -SystemOS "windows" | Select-Object -ExpandProperty SystemID

# Retrieve all Mac systems with Sentinel One Agent installed
$macSystems = Get-JCSystemApp -Name "SentinelAgent" -SystemOS "macOS" | Select-Object -ExpandProperty SystemID

# Combine Windows and Mac systems into a single variable
$sentinelOneSystems = $windowsSystems + $macSystems

# Create an array to store the final results
$results = @()

# Create an array to store the system IDs without SentinelOne
$noSentinelOneSystems = @()

# Loop through each system and determine SentinelOne status
foreach ($system in $allSystems) {
    $status = if ($sentinelOneSystems -contains $system._id) {
        "SentinelOne Installed"
    } else {
        "SentinelOne not Installed"
        # Add the system ID to the noSentinelOneSystems array
        $noSentinelOneSystems += $system._id
    }
   
    # Create a custom object with the required columns
    $result = [PSCustomObject]@{
        Hostname = $system.hostname
        "Serial Number" = $system.serialNumber
        _id = $system._id
        "SentinelOne Status" = $status
    }

    # Add the custom object to the results array
    $results += $result
}

# Export the results to a CSV file
$results | Export-Csv -Path "/Users/lamin/sentineoneStatus.csv" -NoTypeInformation


# Loop through the system IDs without SentinelOne and add them to the "No SentinelOne" group
foreach ($systemID in $noSentinelOneSystems) {
    Add-JCSystemGroupMember -GroupName "No SentinelOne" -SystemID "$systemID"
}

JumpCloud Community

List of computers with sentinel one Agent installed