Aliases and IP addresses for each SentinelOne feature are accessed from the region of the Management Console. For each endpoint, enable access to these IP addresses over port TCP-443 in your firewall, for the location of the Management Console to manage the browser WebUI communication.
Warning
Important prerequisite: To use the Singularity™ Operations Center, the firewall in your organization must allow traffic to and from this domain: cdn.sentinelone.net over port TCP-443. If this is not allowed, you cannot enable the Singularity™ Operations Center in your user preferences. You can use the Management Console UI as usual.
Ports for cloud-based management environment
.
Ports for Integration Servers
Service
From
To
Port
SMTP
Management
SMTP server
TCP-25
SMTP SSL/TLS
Management
SMTP server
TCP-465 / TCP-587
Syslog
Management
Syslog server
UDP-514
Syslog over SSL
Management
Syslog server
TCP-6514
WebSocket
(Bidirectional)
Windows endpoints on Unified Agent
Identity Security domains.
See the AWS datacenters table for your region.
TCP-443
Note: Connection to other servers changes if the server is in the network or in a cloud, and if the servers are behind the firewall or in the DMZ.
To update your firewall settings to use Console features:
Find the table below for your Console region.
For each feature that you plan to use, find the row for the Feature and make sure that the domain and IP addresses in the row are allowed in your firewall rules.
Note
The domains that are required to access SentinelOne file services have changed for improved security. Traffic to the previous domains is automatically rerouted to the new domains and no action is required for existing environments.
This change impacts Binary Vault, RemoteOps, Sentinel Deploy, Remote Profiler, and Live Security Updates.
US AWS Datacenters
Feature
Domain
IP Address
Legacy Threat Intelligence
Supported until June 30, 2024.
https://cloudgateway-prod.sentinelone.net
34.232.178.150
34.202.41.71
New Threat Intelligence
https://reputation-service-public-us-east-1-prod.sentinelone.net
34.198.234.152
52.2.233.212
34.235.81.227
3.211.87.75
3.224.174.90
34.195.14.120
100.24.192.162
204.236.197.74
52.55.202.115
44.221.207.142
44.194.156.203
34.226.112.124
52.200.206.1
34.204.133.104
52.2.10.89
3.92.110.219
Endpoint events (previously known as Deep Visibility events) ingestion
https://dv-us-prod.sentinelone.net
https://ioc-gw-prod-us-1a.sentinelone.net
https://ioc-gw-prod-us-1b.sentinelone.net
54.209.32.124
18.204.85.51
Deep Visibility™ Queries
https://query-gateway-us-east-1-prod.sentinelone.net
52.2.233.212
3.211.87.75
34.235.81.227
34.195.14.120
3.224.174.90
34.198.234.152
Binary Vault
RemoteOps
Sentinel Deploy
Remote Profiler
Live Security Updates
New: https://file-services.na1.sentinelone.net
Deprecated: https://mgmt-file-upload-us-east-1-prod.sentinelone.net
New:
18.205.203.181
3.219.13.97
3.93.111.34
Previous IPs:
3.211.87.75
34.235.81.227
34.195.14.120
34.198.234.152
3.224.174.90
52.2.233.212
23.21.78.211
3.213.214.177
54.87.30.218
34.206.203.7
18.232.223.32
3.211.255.178
Singularity™ Data Lake
https://xdr.us1.sentinelone.net
34.193.168.81
52.205.180.184
3.230.183.50
3.218.112.33
35.174.33.18
Threat Detection for Datastores - S3
https://cloud-edge-hub-gateway-us-east-1-prod.sentinelone.net
3.211.87.75
34.235.81.227
34.195.14.120
34.198.234.152
3.224.174.90
52.2.233.212
23.21.78.211
3.213.214.177
54.87.30.218
34.206.203.7
18.232.223.32
3.211.255.178
Singularity™ Identity Detection & Response
https://identity-service-us-east-1-prod.sentinelone.net
34.198.234.152
52.2.233.212
34.195.14.120
34.235.81.227
3.211.87.75
3.224.174.90
Metrics Proxy
https://metrics-proxy-us.sentinelone.net
34.195.14.120
52.2.233.212
34.235.81.227
3.211.87.75
34.198.234.152
3.224.174.90
Singularity™ Identity Security
https://usea1-identity.sentinelone.net
https://usea1-api-identity.sentinelone.net/
3.233.40.37
34.229.4.131
52.55.59.11
Console email notifications (AWS SMTP server)
http://email-smtp.us-east-1.amazonaws.com
54.240.45.1
54.240.45.2
54.240.45.3
54.240.45.4
54.240.45.5
54.240.45.6
54.240.45.7
54.240.45.8
54.240.45.9
54.240.45.10
Canada AWS Datacenters
Feature
Domain
IP Address
Legacy Threat Intelligence
Supported until June 30, 2024.
https://cloudgateway-prod-ca.sentinelone.net
15.222.219.252
35.182.16.84
New Threat Intelligence
https://reputation-service-public-ca-central-1-prod.sentinelone.net
52.60.165.215
52.60.220.45
3.97.32.17
15.222.154.3
3.97.109.66
99.79.88.205
15.156.131.14
15.222.95.87
15.222.59.90
99.79.109.10
3.99.87.137
15.156.120.43
3.97.32.17
Endpoint events (previously known as Deep Visibility events) ingestion
https://dv-ca-prod.sentinelone.net
https://ioc-gw-prod-ca-1a.sentinelone.net
https://ioc-gw-prod-ca-1b.sentinelone.net
35.183.158.211
3.97.78.36
Deep Visibility™Queries
https://query-gateway-ca-central-1-prod.sentinelone.net
3.97.32.17
52.60.165.215
52.60.220.45
Binary Vault
RemoteOps
Sentinel Deploy
Remote Profiler
Live Security Updates
New: https://file-services.na3.sentinelone.net
Deprecated: https://file-services-ca-central-1.sentinelone.net
New:
15.223.15.11
15.157.159.18
3.96.26.2
Previous IPs:
52.60.165.215
52.60.220.45
3.97.32.17
Singularity™ Data Lake
https://xdr.ca1.sentinelone.net
15.157.4.154
15.222.185.239
15.156.231.133
15.156.255.107
3.97.119.109
Threat Detection for Datastores - S3
https://cloud-edge-hub-gateway-ca-central-1-prod.sentinelone.net
52.60.165.215
52.60.220.45
3.97.32.17
Singularity™ Identity Security
https://cace1-identity.sentinelone.net
https://cace1-api-identity.sentinelone.net/
3.98.70.231
15.157.111.146
15.157.45.54
Console email notifications (AWS SMTP server)
For Consoles registered until May 11, 2025 allow the following addresses:
http://email-smtp.us-east-1.amazonaws.com
http://email-smtp.ca-central-1.amazonaws.com
For Consoles registered from May 11, 2025 :
http://email-smtp.ca-central-1.amazonaws.com
For Consoles registered until May 11, 2025 allow the following IPs:
54.240.45.1
54.240.45.2
54.240.45.3
54.240.45.4
54.240.45.5
54.240.45.6
54.240.45.7
54.240.45.8
54.240.45.9
54.240.45.10
54.240.81.1
54.240.81.2
54.240.81.3
54.240.81.4
54.240.81.5
For Consoles registered from May 11, 2025:
54.240.81.1
54.240.81.2
54.240.81.3
54.240.81.4
54.240.81.5
US GCP Datacenters
Feature
Domain
IP Address
Endpoint events (previously known as Deep Visibility events) ingestion
https://ingest.na4.sentinelone.net
35.223.242.56
Binary Vault
RemoteOps
Sentinel Deploy
Remote Profiler
Live Security Updates
https://file-services.na4.sentinelone.net
35.184.68.0
Singularity™ Data Lake
https://xdr.na4.sentinelone.net
35.223.242.56
Console email notifications (AWS SMTP server)
http://email-smtp.us-east-1.amazonaws.com
54.240.45.1
54.240.45.2
54.240.45.3
54.240.45.4
54.240.45.5
54.240.45.6
54.240.45.7
54.240.45.8
54.240.45.9
54.240.45.10
EMEA AWS Datacenters
Feature
Domain
IP Address
Legacy Threat Intelligence
Supported until June 30, 2024.
https://cloudgateway-prod-eu.sentinelone.net
35.158.85.111
18.185.12.41
New Threat Intelligence
https://reputation-service-public-eu-central-1-prod.sentinelone.net
3.126.165.143
3.126.144.245
35.156.40.118
18.193.183.20
3.64.197.255
3.79.227.12
18.153.197.254
3.79.221.41
18.193.213.92
3.67.73.215
3.79.171.246
3.75.20.159
3.76.66.252
Endpoint events (previously known as Deep Visibility events) ingestion
https://dv-eu-prod.sentinelone.net
https://ioc-gw-eu.sentinelone.net
https://ioc-gw-prod-eu-1a.sentinelone.net
https://ioc-gw-prod-eu-1b.sentinelone.net
https://ioc-gw-prod-eu-1c.sentinelone.net
18.195.202.253
18.195.205.47
18.196.241.73
34.224.32.67
Deep Visibility™Queries
https://query-gateway-eu-central-1-prod.sentinelone.net
3.126.165.143
35.156.40.118
3.126.144.245
Binary Vault
RemoteOps
Remote Profiler
Singularity™ Data Lake
Singularity™ Identity Detection & Response
Sentinel Deploy
Live Security Updates
New: https://file-services.eu1.sentinelone.net
Deprecated: https://mgmt-file-upload-eu-central-1-prod.sentinelone.net
https://identity-service-eu-central-1-prod.sentinelone.net
New:
18.157.242.77
18.194.16.236
3.70.80.193
Previous IPs:
3.126.144.245
3.126.165.143
35.156.40.118
Singularity™ Data Lake
https://xdr.eu1.sentinelone.net
3.65.172.102
3.66.5.61
3.123.96.227
3.125.227.217
18.198.15.53
18.198.156.98
35.157.1.150
52.58.152.183
Threat Detection for Datastores - S3
https://cloud-edge-hub-gateway-eu-central-1-prod.sentinelone.net
3.126.144.245
3.126.165.143
35.156.40.118
Singularity™ Identity Security
https://euce1-identity.sentinelone.net
https://euce1-api-identity.sentinelone.net/
https://eucel-api-identity.sentinelone.net/
63.176.191.82
18.153.214.227
52.59.2.153
Console email notifications (AWS SMTP server)
For Consoles registered until June 22, 2025:
http://email-smtp.eu-west-1.amazonaws.com
http://email-smtp.eu-central-1.amazonaws.com
For Consoles registered from June 22, 2025:
http://email-smtp.eu-central-1.amazonaws.com
For Consoles registered until June 22, 2025:
69.169.230.69
69.169.230.71
69.169.230.70
69.169.230.66
69.169.230.74
69.169.230.75
69.169.230.68
69.169.230.73
69.169.230.72
69.169.230.67
216.221.160.137
216.221.160.138
216.221.160.139
216.221.160.140
216.221.160.141
216.221.160.142
216.221.160.143
216.221.160.144
For Consoles registered from June 22, 2025:
216.221.160.137
216.221.160.138
216.221.160.139
216.221.160.140
216.221.160.141
216.221.160.142
216.221.160.143
216.221.160.144
EMEA GCP Datacenters
Feature
Domain
IP Address
Threat Intelligence
https://cloudgateway-europe-west3-prod.sentinelone.net
34.111.18.246
Endpoint events (previously known as Deep Visibility events) ingestion
https://gcp-s1-dv-gw-eu-prod.sentinelone.net
https://gcp-s1-dv-gw-eu-prod-1a.sentinelone.net
https://gcp-s1-dv-gw-eu-prod-1b.sentinelone.net
https://gcp-s1-dv-gw-eu-prod-1c.sentinelone.net
34.111.235.137
34.120.17.230
34.107.223.110
Deep Visibility™Queries
https://query-gateway-europe-west3-prod.sentinelone.net
35.246.184.182
Binary Vault
RemoteOps
Remote Profiler
Sentinel Deploy
Live Security Updates
New: https://file-services.eu2.sentinelone.net
Deprecated: https://file-services-europe-west3-prod.sentinelone.net
New: 34.159.16.116
35.246.184.182
Singapore AWS Datacenters
Feature
Domain
Legacy Threat Intelligence
Supported until June 30, 2024.
https://cloudgateway-prod-ap-southeast-1.sentinelone.net
13.228.171.78
New Threat Intelligence
https://reputation-service-public-ap-southeast-1-prod.sentinelone.net
13.228.76.203
13.215.2.117
18.142.141.160
3.0.29.103
13.213.240.30
18.140.145.154
18.141.104.120
122.248.214.231
13.251.171.217
13.251.4.82
18.141.96.23
3.0.149.59
18.142.141.160
Endpoint events (previously known as Deep Visibility events) ingestion
https://dv-ap-southeast-1-prod.sentinelone.net
https://ioc-gw-prod-ap-southeast-1-1a.sentinelone.net
https://ioc-gw-prod-ap-southeast-1-1b.sentinelone.net
13.213.141.141
54.255.48.3
Deep Visibility™Queries
https://query-gateway-ap-southeast-1-prod.sentinelone.net
13.228.76.203
18.142.141.160
13.215.2.117
RemoteOps
Binary Vault
Remote Profiler
Sentinel Deploy
Live Security Updates
New: https://file-services.ap1.sentinelone.net
Deprecated: https://file-services-ap-southeast-1-prod.sentinelone.net
New:
52.77.16.253
18.143.88.135
18.142.147.252
Previous IPs:
13.228.76.203
18.142.141.160
13.215.2.117
Singularity™ Data Lake
https://xdr.ap1.sentinelone.net
46.137.228.168
18.143.248.15
13.251.100.80
54.179.112.90
13.215.78.66
Threat Detection for Datastores - S3
https://cloud-edge-hub-gateway-ap-southeast-1-prod.sentinelone.net
13.228.76.203
18.142.141.160
13.215.2.117
Singularity™ Identity Security
https://apse1-identity.sentinelone.net
https://apse1-api-identity.sentinelone.net/
54.179.108.57
52.77.38.137
47.130.51.55
Console email notifications (AWS SMTP server)
For Consoles registered until June 15th, 2025 allow the following addresses:
http://email-smtp.us-east-1.amazonaws.com
http://email-smtp.ap-southeast-1.amazonaws.com
For Consoles registered from June 15th , 2025:
http://email-smtp.ap-southeast-1.amazonaws.com
For Consoles registered until June 15th, 2025:
54.240.45.1
54.240.45.2
54.240.45.3
54.240.45.4
54.240.45.5
54.240.45.6
54.240.45.7
54.240.45.8
54.240.45.9
54.240.45.10
216.221.164.211
216.221.164.212
216.221.164.213
216.221.164.214
216.221.164.215
For Consoles registered from June 15th, 2025:
216.221.164.211
216.221.164.212
216.221.164.213
216.221.164.214
216.221.164.215
India AWS Datacenters
Feature
Domain
Legacy Threat Intelligence
Supported until June 30, 2024.
N/A
New Threat Intelligence
https://reputation-service-public-ap-south-1-prod.sentinelone.net
65.0.10.216
43.204.48.3
15.206.154.22
15.207.91.43
13.232.115.89
13.234.247.136
3.108.97.44
35.154.236.17
13.200.88.23
3.109.125.241
3.111.194.3
13.234.176.14
3.6.52.169
Endpoint events (previously known as Deep Visibility events) ingestion
https://dv-ap-south-1-prod.sentinelone.net
https://ioc-gw-prod-ap-south-1-1a.sentinelone.net
https://ioc-gw-prod-ap-south-1-1b.sentinelone.net
3.6.191.134
35.154.86.52
Deep Visibility™Queries
https://query-gateway-ap-south-1-prod.sentinelone.net
15.206.154.22
43.204.48.3
65.0.10.216
RemoteOps
Binary Vault
Remote Profiler
Sentinel Deploy
Live Security Updates
New: https://file-services.ap3.sentinelone.net
Deprecated: https://file-services-ap-south-1-prod.sentinelone.net
New:
13.202.58.72
13.233.222.249
52.95.249.151
Previous IPs:
15.206.154.22
43.204.48.3
65.0.10.216
Singularity™ Data Lake
https://xdr.aps1.sentinelone.net
18.143.248.15
13.251.100.80
54.179.112.90
13.215.78.66
13.126.149.48
35.154.108.177
13.233.14.243
52.66.15.176
3.109.128.23
Threat Detection for Datastores - S3
https://cloud-edge-hub-gateway-ap-south-1-prod.sentinelone.net
15.206.154.22
43.204.48.3
65.0.10.216
Singularity™ Identity Security
https://apso1-identity.sentinelone.net
https://apso1-api-identity.sentinelone.net/
3.7.120.109
13.202.48.49
3.7.124.13
Console email notifications (AWS SMTP server)
For Consoles registered until June 8, 2025 allow the following addresses:
http://email-smtp.us-east-1.amazonaws.com
http://email-smtp.ap-south-1.amazonaws.com
For Consoles registered from June 8, 2025:
http://email-smtp.ap-south-1.amazonaws.com
For Consoles registered until June 8, 2025:
54.240.45.1
54.240.45.2
54.240.45.3
54.240.45.4
54.240.45.5
54.240.45.6
54.240.45.7
54.240.45.8
54.240.45.9
54.240.45.10
76.223.152.213
76.223.152.214
76.223.152.215
76.223.152.216
76.223.152.217
For Consoles registered from June 8, 2025:
76.223.152.213
76.223.152.214
76.223.152.215
76.223.152.216
76.223.152.217
Australia AWS Datacenters
Feature
Domain
Legacy Threat Intelligence
Supported until June 30, 2024.
N/A
N/A
New Threat Intelligence
https://reputation-service-public-ap-southeast-2-prod.sentinelone.net
3.24.41.101
52.63.148.30
52.65.255.229
13.55.37.31
13.236.21.232
54.79.238.33
54.79.90.115
13.211.63.247
13.238.237.24
52.62.147.137
13.236.175.66
54.206.204.41
54.66.180.187
Endpoint events (previously known as Deep Visibility events) ingestion
https://dv-ap-southeast-2-prod.sentinelone.net
https://ioc-gw-prod-ap-southeast-2-1a.sentinelone.net
https://ioc-gw-prod-ap-southeast-2-1b.sentinelone.net
https://ioc-gw-prod-ap-southeast-2-1c.sentinelone.net
54.79.240.111
3.104.244.26
13.210.137.234
Deep Visibility™Queries
https://query-gateway-ap-southeast-2-prod.sentinelone.net
3.24.41.101
52.63.148.30
52.65.255.229
RemoteOps
Binary Vault
Remote Profiler
Sentinel Deploy
Live Security Updates
New: https://file-services.ap2.sentinelone.net
Deprecated: https://file-services-ap-southeast-2-prod.sentinelone.net
New:
13.237.250.191
13.54.108.151
54.66.44.48
Previous IPs:
3.24.41.101
52.65.255.229
52.63.148.30
Singularity™ Data Lake
https://xdr.apse2.sentinelone.net
3.104.46.96
Threat Detection for Datastores - S3
https://cloud-edge-hub-gateway-ap-southeast-2-prod.sentinelone.net
3.24.41.101
52.65.255.229
52.63.148.30
Singularity™ Identity Security
https://apse2-identity.sentinelone.net
https://apse2-api-identity.sentinelone.net/
3.105.150.65
52.62.223.254
3.104.51.16
Console email notifications (AWS SMTP server)
For Consoles registered until June 8, 2025 allow the following addresses:
http://email-smtp.us-east-1.amazonaws.com
http://email-smtp.ap-southeast-2.amazonaws.com
For Consoles registered from June 8, 2025:
http://email-smtp.ap-southeast-2.amazonaws.com
For Consoles registered until June 8, 2025:
54.240.45.1
54.240.45.2
54.240.45.3
54.240.45.4
54.240.45.5
54.240.45.6
54.240.45.7
54.240.45.8
54.240.45.9
54.240.45.10
76.223.130.225
76.223.130.226
76.223.130.227
76.223.130.228
76.223.130.229
For Consoles registered from June 8, 2025:
76.223.130.225
76.223.130.226
76.223.130.227
76.223.130.228
76.223.130.229
Requirements for Mobile
Singularity Mobile Management
From
To
s1ue1
Endpoints in Europe
141.144.244.87
Oracle
Other endpoints
132.226.119.133
Requirements for Cloud Funnel
Requirements for the CWS Public Repository
List of IP addresses to allow
34.235.81.227
3.224.174.90
34.198.234.152
52.2.233.212
34.195.14.120
3.211.87.75
AWS Legacy IPs
Region
AZ
IP
us-east-1
A
54.211.159.31
us-east-1
B
54.211.162.22
us-east-1
C
52.4.126.188
us-east-1
D
54.160.219.31
us-east-1
E
52.2.239.24
us-east-1
F
3.213.125.201
us-west-1
C
13.52.148.147
ap-south-1
A
13.234.214.49
ap-south-1
B
65.0.245.183
ap-south-1
C
13.234.154.238
ap-southeast-1
A
54.179.96.191
ap-southeast-1
B
13.228.31.64
ap-southeast-1
C
54.169.96.95
ap-southeast-2
A
54.79.97.214
ap-southeast-2
C
13.210.146.186
ap-southeast-2
D
54.253.198.113
ca-central-1
A
3.98.43.12
ca-central-1
B
52.60.244.78
ca-central-1
D
3.96.27.6
eu-central-1
A
3.127.197.211
eu-central-1
B
52.29.234.66
eu-central-1
C
18.157.104.182
HEC Endpoints for SDL Ingestion
Make sure the related IP addresses are allowed in your platform.
IP addresses
Region
Endpoint
IP Address(es)
US
https://ingest.us1.sentinelone.net/
34.193.168.81
52.205.180.18
43.230.183.50
3.218.112.33
35.174.33.18
Canada
https://ingest.ca1.sentinelone.net/
15.157.4.154
15.222.185.239
15.156.231.133
15.156.255.107
3.97.119.109
EMEA
https://ingest.eu1.sentinelone.net/
3.65.172.102
3.66.5.61
3.123.96.227
3.125.227.217
18.198.15.53
18.198.156.98
35.157.1.150
52.58.152.183
India
https://ingest.ap1.sentinelone.net
https://ingest.aps1.sentinelone.net
46.137.228.168
18.143.248.15
13.251.100.80
54.179.112.90
13.215.78.66
13.126.149.48
35.154.108.177
13.233.14.243
52.66.15.176
3.109.128.23
Australia
https://ingest.apse2.sentinelone.net/
3.104.46.96
Requirements for Cloud Native Security Offensive Security Engine scans
Offensive Security Engine (OSE) scans assets from these AWS IP addresses. Make sure these AWS IP addresses are whitelisted in your firewalls to successfully scan all workloads.
IP addresses
Region
IP Address(es)
us-east-1
3.213.115.5/32
52.200.100.203/32
eu-central-1
3.72.134.117
52.58.39.107
ap-south-1
3.111.209.182
3.6.152.43
ap-southeast-1
13.214.82.155
13.215.6.156
ap-southeast-2
3.24.90.209
54.79.241.209
ca-central-1
15.222.125.8
3.96.109.117
Note
It is common and expected to see error messages in application logs from these source IP addresses. The errors don't show an issue in your application. When OSE scans for vulnerabilities, the target workload responds with error messages if OSE requests resources in paths that don't exist in the target application. This can result in HTTP 400 or HTTP 500 errors.
If the OSE scan fails due to ingress policies, the attack surface is already minimized.