Vendor: SentinelOne Singularity XDR
FIN-278
Edited: 2026-03-06 09:03
Verified
What It Detects
An endpoint with a public IP address has not communicated with the SentinelOne management console in over 30 days. This asset is both internet-facing and unmonitored, so attackers can compromise it from outside with nothing in place to detect it. Unlike a temporarily offline agent, an absence of more than 30 days indicates the asset is likely abandoned or misconfigured, creating a persistent blind spot on the attack surface.
Checks (read-only)
Field | Operator | Value
Last Time Seen | older_than_days | 30
Public IP Address | not_empty |