Vendor: SentinelOne Singularity XDR
FIN-300
Edited: 2026-03-06 09:03
Verified
What It Detects
An asset with the SentinelOne agent disabled has known CVE vulnerabilities present. This creates multiplicative risk: the CVEs provide a documented roadmap for exploitation, while the disabled EDR agent means no runtime behavioral detection or automated response will trigger when those vulnerabilities are exploited. Normally, even if a CVE is exploited, the EDR agent detects the post-exploitation behavior and can contain the attack. With the agent disabled, exploitation proceeds undetected from initial access through lateral movement.
MITRE ATT&CK Techniques
Checks (read-only)

| Field | Operator | Value |
| --- | --- | --- |
| Agent Enabled (True/False) | equals | False |
| CVE List | not_empty | |
Remediation
Why It Matters