SentinelOne Ranger®
Network Visibility & Control
Network Visibility & Control
A cloud delivered, software-defined network discovery solution
designed to add global network visibility and control with minimal friction.
What’s on your network?
Ranger® extends Sentinel agent function by reporting what it sees on networks and enables blocking of unauthorized devices.

Easy Implementation
- No new software required. Ranger is part of the SentinelOne agent code base.
- No network changes required. No network SPAN or TAP ports.
- Build a policy and toggle it on. Admins can specify a different policy for each network and subnet if needed.
- Policies provide control over scan intervals and what should be scanned and what must never be scanned.
- Choose between auto-enabled scanning or require explicit permission if more control is needed over the environment.


Unparalleled Visibility
- Ranger is network efficient by intelligently electing a few Sentinel agents per subnet to participate in network mapping missions.
- Elected “Rangers” passively listen for network broadcast data including ARP, DHCP, and other network observances.
- Admins may customize active scan policies and specify multiple IP protocols for learning including ICMP, SNMP, UDP, TCP, SMB, and more.
- Rangers correlate all learned information within the backend to fingerprint known and unknown devices.
- Ranger reveals vital information about IP-enabled devices and produces inventories in seconds across your region or the globe.
Granular Control
- Ranger device inventories reveal what is connected where and the protocols these devices listen on.
- Get easy access to known device information via data collected by Rangers.
- Find and close Sentinel agent deployment gaps with Ranger Deploy, a peer-to-peer deployment feature.
- Via Deep Visibility ActiveEDR®, monitor how unknown devices communicate with managed hosts.
- Isolate suspicious devices from managed devices with a click.
