☆71Jun 20, 2023Updated 2 years ago
Alternatives and similar repositories for S1QL-Queries
Users that are interested in S1QL-Queries are comparing it to the libraries listed below
Sorting:
- Repository of SentinelOne Deep Visibility queries.☆136Jun 30, 2021Updated 4 years ago
- SentinelOne STAR Rules☆74Feb 11, 2025Updated last year
- MITRE ATT&CK mapped queries for SentinelOne Deep Visiblity☆92Jan 11, 2021Updated 5 years ago
- This will be a repository of SentinelOne Deep Visibility queries both the Standard Queries and the Power Queries. Most of these queries w…☆33Oct 15, 2024Updated last year
- PowerShell wrapper for the SentinelOne API☆10Jan 4, 2025Updated last year
- PowerShell module for SentinelOne API☆69Jun 26, 2023Updated 2 years ago
- Web based S1 query navigator for one-click threat hunting☆26Dec 18, 2020Updated 5 years ago
- Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations"☆11Feb 6, 2025Updated last year
- Parser for Sdba memory pool tags☆21Jul 16, 2021Updated 4 years ago
- ☆43Apr 18, 2023Updated 2 years ago
- Random tips and tricks RE: ransomware☆14Aug 17, 2021Updated 4 years ago
- A PowerShell incident response script for quick triage☆81Jul 18, 2022Updated 3 years ago
- Detection Ideas & Rules repository.☆178Sep 10, 2021Updated 4 years ago
- Rules generated from our investigations.☆204Jun 17, 2025Updated 9 months ago
- Event Tracing For Windows (ETW) Resources☆420Oct 30, 2025Updated 4 months ago
- ☆14Oct 24, 2024Updated last year
- Extract information from MISP via the API☆16Jul 18, 2016Updated 9 years ago
- This Repository gives the best and possible strategies against hunting the ransomware☆26Aug 23, 2022Updated 3 years ago
- Open Threat Hunting Framework☆126May 26, 2023Updated 2 years ago
- ☆105Jul 5, 2025Updated 8 months ago
- Threat Hunter's Knowledge Base☆22Dec 27, 2021Updated 4 years ago
- ☆24Mar 12, 2025Updated last year
- A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.☆260Mar 31, 2025Updated 11 months ago
- Cumulonimbus-UAL_Extractor is a PowerShell based tool created by the Tesorion CERT team to help gather the Unified Audit Logging out of a…☆21Oct 25, 2023Updated 2 years ago
- KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunt…☆1,661Mar 9, 2026Updated last week
- Passivedns monitor implementation in Rust.☆12Apr 21, 2016Updated 9 years ago
- A repository of DFIR-related Mind Maps geared towards the visual learners!☆549Sep 2, 2022Updated 3 years ago
- ATT&CK Remote Threat Hunting Incident Response☆206Dec 8, 2024Updated last year
- Resources I've found useful for my CTI work☆12Dec 27, 2023Updated 2 years ago
- MAL-CL (Malicious Command-Line)☆322Jan 10, 2023Updated 3 years ago
- Releases for the Zui Insiders app.☆22Feb 17, 2025Updated last year
- Hundred Days of Yara Challenge☆12Jun 21, 2022Updated 3 years ago
- Sample queries for Advanced hunting in Microsoft 365 Defender☆2,053Feb 17, 2022Updated 4 years ago
- Publicly shareable windows event log message data☆28Nov 29, 2019Updated 6 years ago
- Beginners Guide to Hunting for Threats☆18Apr 26, 2025Updated 10 months ago
- Collects a listing of MITRE ATT&CK Techniques, then discovers Splunk ESCU detections for each technique☆69Mar 17, 2024Updated 2 years ago
- Ansible Collection☆12Apr 22, 2025Updated 10 months ago
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs☆791Updated this week
- Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques☆142Feb 25, 2024Updated 2 years ago