Liongard Ideas Portal

Submit and upvote ideas to make Liongard better. You get 20 votes so vote wisely. 🙂

To learn more about our Ideas Portal, check out our FAQs.
To schedule a feedback session with a member of the Liongard Research Team, click here.

See what we've shipped by clicking here!

[Security Risk] SentinelOne Threat Detail auto-tables not scoped properly (in ITGlue)

The SentinelOne auto-tables are showing data for unrelated Customers in ITGlue. The following data points appear to be aggregate across all customers when viewed for a specific customer.

  • Total Endpoints

  • Global Alerts

  • Locations Table

  • Agent Summary Table

  • Threat Summary Table

  • Threat Details Table

So if I look at ITGlue > Customer A > Antivirus (auto) > SentinelOne > Threat Details .. I am able to see threat details for -all- customers, not just Customer A as expected.

This means a Customer with MyGlue or a Runbook is able to see all the active threats on all other Customers, as well as related details, including public IP, private IP, usernames, customer name, etc!

  • Chris Brescia
  • Nov 23 2020
  • Shipped
  • Attach files