Skip to content

Endpoint Requirements

Operating Systems

  • Windows 8.1 and later desktop versions (64 bit)
  • Windows Server 2012 R2 and later server versions (64 bit)
  • Ubuntu Linux 18.04+ (64 bit)
  • CentOS/RedHat 7+ (64 bit)
  • Intel & M-Series Based MacOS Catalina (10.15) or higher

🐧 Non-supported systems: Other Linux operating systems may be functional, but are not officially supported. Network telemetry will require eBPF support in the Linux kernel; if this is not available, process telemetry will still be collected.

Operating System Feature Differences

We aim for feature parity across all our platforms whenever possible. However, due to technical constraints and the complexity of building features for different environments, simultaneous releases may not always be feasible. The table below explains the state of features across each platform.

Feature Windows macOS Linux
Network Detection and Response (NDR) Yes Yes Yes
Endpoint Detection and Response (EDR) Yes Yes Yes
Endpoint Protection (EPP) Yes Yes No
Active Response Yes Soon Yes
Reflex Yes No No

Impact on CPU/RAM

The performance of the endpoint agent will change depending on which modules are loaded.

  • With NDR and EDR features enabled but Endpoint Protection disabled:

    • Average CPU: <1% (depending on device type and hardware)
    • Average memory use: ~ 25 / 30 MiB
  • With NDR, EDR, and Endpoint Protection features all enabled:

    • Average CPU: <5% (depending on device type and hardware)
    • Average memory use: ~ 450 / 500 MiB

💡 Turning features on or off: Product features can be turned on or off by creating a segment and changing the configuration applied to that segment.

Network Requirements

Bandwidth

28 kilobits per second (~300 MiB in 24 hours), depending on device activity and workload.

💡 Data Latency: Data is ingested into the platform in real-time. There may be a delay of no greater than tens of seconds while data is analyzed before it is presented in the user interface. This delay will not affect the instant execution of automatic actions by the EPP.

Connectivity Requirements

Endpoint sensors using the cloud-hosted analysis platform will communicate to the following domains.

💡 Specific domains: Specific domain names can be provided for your tenant if required. These can be provided by contacting support.

Domain Name Purpose
*.snson.net Endpoint agent telemetry and active response sessions.
avmirror.snson.net Antivirus updates used by EPP. Included in wildcard above.
*.s3.amazonaws.com Uploads/Downloads during active response and crash dumps.
seev4.s3.amazonaws.com Endpoint agent updates. Included in wildcard above

💡 IP addresses: The IP address used for endpoint agent callbacks will remain static unless the tenant's region is changed. The IP addresses at *.s3.amazonaws.com are dynamic and can only be filtered using domain names.

TLS Interception

Endpoint sensors will use Mutual TLS 1.2+ to communicate with the analysis platform. If TLS interception is used, a bypass will need to be put in place for *.snson.net.

Golden Images

The SenseOn installation generates a unique ID upon installation. If deploying using a 'golden image', the endpoint agent should be configured to generate a unique installation ID the next time the service is started. Therefore, before sealing your golden image, please do the following:

  • Windows: Delete the file in C:\Program Files\senseon-see\precise.uuid
  • Debian/CentOS: Delete the file in /etc/senseon-see/precise.uuid
  • macOS: as root, delete the file /var/senseon-see/precise.uuid

Proxy Configuration

The endpoint sensor supports TLS pass-through HTTPS proxy, which can be enabled by deploying a JSON file in the specified path. Configuration details are provided below.

Windows

  1. Stop the endpoint sensor service.
    1. Open Start by clicking the Windows symbol on the bottom left corner or by pressing the Windows Key on your keyboard.
    2. Search for Services (or services.msc) and click the top result to open the console.
    3. Double-click the service called senseon-seed.
    4. Click the Stop button.
    5. Confirm the service is stopped by checking the list of services.
  2. Navigate to C:\ProgramData\senseon-see\ (to see C:\ProgramData and other hidden folders go to File Explorer → View and click on Show hidden files and folders)
  3. Open or create a new file: C:\ProgramData\senseon-see\proxy.json
  4. Write the following line into the file and change the host and port fields accordingly:
    {"proxy_host": "127.0.0.1", "proxy_port": 8118}
    
  5. Save the file.
  6. Start the endpoint sensor service.
    1. Open Start by clicking the Windows symbol on the bottom left corner or by pressing the Windows Key on your keyboard.
    2. Search for Services (or services.msc) and click the top result to open the console.
    3. Double-click the service called senseon-seed.
    4. Click the Start button.
    5. Confirm the service is stopped by checking the list of services.

Linux

  1. Stop the endpoint sensor service using the command systemctl stop senseon-seed
  2. Navigate to /var/senseon-see
  3. Open or create a new file: /var/senseon-see/proxy.json
  4. Write the following into the file and change the host and port fields accordingly:
    {"proxy_host": "127.0.0.1", "proxy_port": 8118}
    
  5. Save the file.
  6. Start the endpoint sensor service using the command systemctl start senseon-seed

macOS

  1. Stop the endpoint sensor service using the command systemctl stop senseon-seed.
  2. Navigate to /var/senseon-see
  3. Open or create a new file: /var/senseon-see/proxy.json
  4. Write the following into the file and change the host and port fields accordingly:
    {"proxy_host": "127.0.0.1", "proxy_port": 8118}
    
  5. Save the file.
  6. Start the endpoint sensor service using the command systemctl start senseon-seed.