SentinelOne Ranger®
Network Visibility & Control
Network Visibility & Control
A cloud delivered, software-defined network discovery solution
designed to add global network visibility and control with minimal friction.
What’s on your network?
Ranger® extends Sentinel agent function by reporting what it sees on networks and enables blocking of unauthorized devices.

Easy Implementation
- No new software required. Ranger is part of the SentinelOne agent code base.
- No network changes required. No network SPAN or TAP ports.
- Build a policy and toggle it on. Admins can specify a different policy for each network and subnet if necessary.
- Policies provide control over scan intervals, as well as what should be scanned and what should never be scanned.
- Choose between auto-enabled scanning or require explicit permission if more control over the environment is needed.


Unparalleled Visibility
- Ranger is network efficient by intelligently choosing a few Sentinel agents per subnet to participate in network mapping missions.
- Selected “Rangers” passively listen for network broadcast data, including ARP, DHCP, and other network observations.
- Admins may customise active scan policies and specify multiple IP protocols for learning, including ICMP, SNMP, UDP, TCP, SMB, and more.
- Rangers correlate all learned information within the back-end to fingerprint known and unknown devices.
- Ranger reveals vital information about IP-enabled devices and produces inventories in your region or the globe in seconds.
Granular Control
- Ranger device inventories reveal what is connected where and the protocols these devices listen on.
- Get easy access to known device information via data collected by Rangers.
- Find and close Sentinel agent deployment gaps with Ranger Deploy, a peer-to-peer deployment feature.
- Via Deep Visibility ActiveEDR® you monitor how unknown devices communicate with managed hosts.
- Isolate suspicious devices from managed devices with a click.
