keyboardcrunch / SentinelOne-Query-Navigator
Web based S1 query navigator for one-click threat hunting
☆18Updated 3 years ago
Related projects: ⓘ
- ☆68Updated last year
- SentinelOne STAR Rules☆45Updated 10 months ago
- Repository of SentinelOne Deep Visibility queries.☆116Updated 3 years ago
- ☆50Updated last year
- MISP to Sentinel integration☆57Updated last week
- Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs☆50Updated last year
- Conference presentations☆45Updated 10 months ago
- Full of public notes and Utilities☆81Updated 3 weeks ago
- Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indi…☆91Updated 2 months ago
- Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations☆73Updated last month
- This repository contains Splunk queries to hunt some anomalies☆38Updated 2 years ago
- ☆72Updated last month
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆74Updated 3 weeks ago
- A PowerShell incident response script for quick triage☆75Updated 2 years ago
- A tool that allows you to document and assess any security automation in your SOC☆40Updated 4 months ago
- ☆26Updated 3 years ago
- RRR (Rapid Response Reporting) is a collection of Incident Response Report objects. They are designed to help incident responders provid…☆36Updated 2 years ago
- ☆93Updated this week
- A repository to share publicly available Velociraptor detection content☆115Updated this week
- BulkStrike enables the usage of CrowdStrike Real Time Response (RTR) to bulk execute commands on multiple machines.☆41Updated last year
- Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise☆55Updated 4 months ago
- MDE relies on some of the Audit settings to be enabled☆94Updated 2 years ago
- Import CrowdStrike Threat Intelligence into your instance of MISP☆40Updated this week
- Endpoint detection for remote hosts for consumption by RITA and Elasticsearch☆66Updated last year
- Dettectinator - The Python library to your DeTT&CT YAML files.☆102Updated 3 weeks ago
- Provides detection capabilities and log conversion to evtx or syslog capabilities☆51Updated 2 years ago
- The idea is simply to save some quick notes that will make it easier for Splunk users to leverage KQL (Kusto), especially giving projects…☆35Updated 3 years ago
- MITRE ATT&CK mapped queries for SentinelOne Deep Visiblity☆85Updated 3 years ago
- A collection of various SIEM rules relating to malware family groups.☆60Updated 3 months ago
- ☆49Updated 4 months ago