[Security Risk] SentinelOne Threat Detail

[Security Risk] SentinelOne Threat Detail auto-tables not scoped properly (in ITGlue)

The SentinelOne auto-tables are showing data for unrelated Customers in ITGlue. The following data points appear to be aggregate across all customers when viewed for a specific customer.

Total Endpoints
Global Alerts
Locations Table
Agent Summary Table
Threat Summary Table
Threat Details Table

So if I look at ITGlue > Customer A > Antivirus (auto) > SentinelOne > Threat Details .. I am able to see threat details for -all- customers, not just Customer A as expected.

This means a Customer with MyGlue or a Runbook is able to see all the active threats on all other Customers, as well as related details, including public IP, private IP, usernames, customer name, etc!

Chris Brescia
Nov 23 2020
Shipped

Inspector

Comments (0)
Votes (1)

Attach files

Enter a subject

Liongard Ideas Portal

Submit and upvote ideas to make Liongard better. You get 20 votes so vote wisely. 🙂
To learn more about our Ideas Portal, check out our FAQs.
To schedule a feedback session with a member of the Liongard Research Team, click here.
See what we've shipped by clicking here!

[Security Risk] SentinelOne Threat Detail auto-tables not scoped properly (in ITGlue)

Related ideas

[Security Risk] SentinelOne Threat Detail auto-tables not scoped properly (in ITGlue)

Identify yourself with your email address

Related ideas