keyboardcrunch / SentinelOne-Query-Navigator
Web based S1 query navigator for one-click threat hunting
☆18Updated 4 years ago
Alternatives and similar repositories for SentinelOne-Query-Navigator:
Users that are interested in SentinelOne-Query-Navigator are comparing it to the libraries listed below
- Repository of SentinelOne Deep Visibility queries.☆121Updated 3 years ago
- ☆72Updated 3 months ago
- MISP to Sentinel integration☆62Updated 2 months ago
- ☆55Updated last year
- Convert Sigma rules to LogRhythm searches☆20Updated 2 years ago
- ☆79Updated last week
- ☆83Updated last month
- Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs☆52Updated last year
- Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event log mapped to the MITRE…☆90Updated 2 weeks ago
- The idea is simply to save some quick notes that will make it easier for Splunk users to leverage KQL (Kusto), especially giving projects…☆39Updated 4 years ago
- SentinelOne STAR Rules☆55Updated this week
- Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise☆60Updated 9 months ago
- MDE relies on some of the Audit settings to be enabled☆97Updated 2 years ago
- Full of public notes and Utilities☆97Updated this week
- MITRE ATT&CK mapped queries for SentinelOne Deep Visiblity☆88Updated 4 years ago
- A collection of various SIEM rules relating to malware family groups.☆65Updated 7 months ago
- Tool to extract Sessions, MessageID(s) and find the emails belonging to MessageID(s). This script utilizes the MailItemsAccessed features…☆39Updated 4 years ago
- Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations☆83Updated 6 months ago
- ☆41Updated last year
- Dettectinator - The Python library to your DeTT&CT YAML files.☆108Updated last month
- Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.☆128Updated 2 years ago
- Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indi…☆101Updated 4 months ago
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research…☆35Updated last month
- Run Velociraptor on Security Onion☆37Updated 2 years ago
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆82Updated last week
- Open Threat-Informed Detection Engineering☆37Updated last month
- Azure function to insert MISP data in to Azure Sentinel☆31Updated 2 years ago
- MITRE ATT&CK Based App in Power BI☆14Updated 11 months ago
- This code snippet retrieves Azure Sentinel rules that are mapped to MITRE ATT&CK Framework and generates the related MITRE D3FEND defense…☆71Updated 3 years ago
- ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…☆156Updated 2 weeks ago