☆69 · Jun 20, 2023 · Updated 2 years ago
Alternatives and similar repositories for S1QL-Queries
Users that are interested in S1QL-Queries are comparing it to the libraries listed below.
- Repository of SentinelOne Deep Visibility queries. ☆135 · Jun 30, 2021 · Updated 4 years ago
- MITRE ATT&CK mapped queries for SentinelOne Deep Visibility ☆92 · Jan 11, 2021 · Updated 5 years ago
- SentinelOne STAR Rules ☆73 · Feb 11, 2025 · Updated last year
- This will be a repository of SentinelOne Deep Visibility queries both the Standard Queries and the Power Queries. Most of these queries w… ☆31 · Oct 15, 2024 · Updated last year
- Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations" ☆11 · Feb 6, 2025 · Updated last year
- Parser for Sdba memory pool tags ☆21 · Jul 16, 2021 · Updated 4 years ago
- Web based S1 query navigator for one-click threat hunting ☆25 · Dec 18, 2020 · Updated 5 years ago
- Rules generated from our investigations. ☆204 · Jun 17, 2025 · Updated 8 months ago
- ☆24 · Mar 12, 2025 · Updated 11 months ago
- ☆43 · Apr 18, 2023 · Updated 2 years ago
- This Repository gives the best and possible strategies against hunting the ransomware ☆26 · Aug 23, 2022 · Updated 3 years ago
- A bunch of library code that can easily be included in new/prototype projects with few (usually zero) dependencies, even on themselves. ☆12 · Jul 26, 2020 · Updated 5 years ago
- Transform EQL detection rules to VQL artifacts ☆12 · Nov 12, 2021 · Updated 4 years ago
- Detection Ideas & Rules repository. ☆178 · Sep 10, 2021 · Updated 4 years ago
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation ☆77 · May 21, 2024 · Updated last year
- ☆14 · Oct 24, 2024 · Updated last year
- This script will generate hashes (MD5, SHA1, SHA256), submit the MD5 to Virus Total, and produce a text file with the results. ☆15 · Jul 13, 2023 · Updated 2 years ago
- Passivedns monitor implementation in Rust. ☆12 · Apr 21, 2016 · Updated 9 years ago
- Hundred Days of Yara Challenge ☆12 · Jun 21, 2022 · Updated 3 years ago
- ☆11 · Jun 12, 2023 · Updated 2 years ago
- This repository contains OpenIOC rules to aid in hunting for indicators of compromise and TTPs focused on Advanced Persistent Threat grou… ☆26 · Oct 3, 2023 · Updated 2 years ago
- ATT&CK Remote Threat Hunting Incident Response ☆206 · Dec 8, 2024 · Updated last year
- Event Tracing For Windows (ETW) Resources ☆417 · Oct 30, 2025 · Updated 4 months ago
- Publicly shareable windows event log message data ☆28 · Nov 29, 2019 · Updated 6 years ago
- A PowerShell incident response script for quick triage ☆81 · Jul 18, 2022 · Updated 3 years ago
- Open Threat Hunting Framework ☆124 · May 26, 2023 · Updated 2 years ago
- Registry to JSON. This Project is for learning purposes and is not maintained. ☆12 · Dec 28, 2021 · Updated 4 years ago
- Random tips and tricks RE: ransomware ☆14 · Aug 17, 2021 · Updated 4 years ago
- Documentation and tools to curate Sigma rules for Windows event logs into easier to parse rules. ☆16 · Oct 22, 2025 · Updated 4 months ago
- Indicators of Normality ☆11 · Jul 22, 2022 · Updated 3 years ago
- MAL-CL (Malicious Command-Line) ☆322 · Jan 10, 2023 · Updated 3 years ago
- Jupyter notebooks for threat hunting ☆60 · Mar 26, 2025 · Updated 11 months ago
- A repository to share publicly available Velociraptor detection content ☆196 · Updated this week
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example. ☆36 · Jul 11, 2023 · Updated 2 years ago
- Knowing which rule should trigger according to the redcannary test ☆11 · Nov 23, 2024 · Updated last year
- A lightweight C++/C AFF4 reader library ☆14 · Feb 5, 2026 · Updated 3 weeks ago
- Small scripts and POCs related to digital forensics ☆18 · Nov 1, 2022 · Updated 3 years ago
- Notes from my "Implementing a Kick-Butt Training Program: Blue Team GO!" talk ☆14 · Mar 4, 2019 · Updated 6 years ago
- A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams. ☆258 · Mar 31, 2025 · Updated 11 months ago