keyboardcrunch / sentinelone-queriesView external linksLinks
Repository of SentinelOne Deep Visibility queries.
☆135Jun 30, 2021Updated 4 years ago
Alternatives and similar repositories for sentinelone-queries
Users that are interested in sentinelone-queries are comparing it to the libraries listed below
Sorting:
- MITRE ATT&CK mapped queries for SentinelOne Deep Visiblity☆92Jan 11, 2021Updated 5 years ago
- Web based S1 query navigator for one-click threat hunting☆25Dec 18, 2020Updated 5 years ago
- ☆68Jun 20, 2023Updated 2 years ago
- SentinelOne STAR Rules☆71Feb 11, 2025Updated last year
- This will be a repository of SentinelOne Deep Visibility queries both the Standard Queries and the Power Queries. Most of these queries w…☆31Oct 15, 2024Updated last year
- PowerShell module for SentinelOne API☆69Jun 26, 2023Updated 2 years ago
- This repository contains OpenIOC rules to aid in hunting for indicators of compromise and TTPs focused on Advanced Persistent Threat grou…☆26Oct 3, 2023Updated 2 years ago
- ☆15Aug 29, 2025Updated 5 months ago
- Rules generated from our investigations.☆204Jun 17, 2025Updated 7 months ago
- ☆14Oct 24, 2024Updated last year
- Contains research.splunk.com site code☆11Apr 10, 2024Updated last year
- PowerShell module for SentinelOne API☆28Mar 8, 2021Updated 4 years ago
- Project to Support The Hunter's Framework (THF)☆11Apr 16, 2024Updated last year
- PowerShell wrapper for the SentinelOne API☆10Jan 4, 2025Updated last year
- Detection rules and threat hunting queries in Defender XDR and Azure Sentinel☆16Updated this week
- Passivedns monitor implementation in Rust.☆12Apr 21, 2016Updated 9 years ago
- ☆11Jun 12, 2023Updated 2 years ago
- Utilizing MMF as a execution space for shell code☆10Aug 28, 2018Updated 7 years ago
- Sigma detection rules for hunting with the threathunting-keywords project☆58Mar 2, 2025Updated 11 months ago
- This repository contains a mindmap for different techniques for using Censys Search☆15Sep 17, 2025Updated 4 months ago
- Beginners Guide to Hunting for Threats☆17Apr 26, 2025Updated 9 months ago
- A collection of searches, interesting events and tables on Crowdstrike Splunk.☆30Mar 2, 2021Updated 4 years ago
- Quick script to build host or investigation timelines using Carbon Black Response☆12Sep 25, 2018Updated 7 years ago
- Signature engine for all your logs☆173Nov 13, 2023Updated 2 years ago
- A repository to share publicly available Velociraptor detection content☆196Feb 8, 2026Updated last week
- Defence Against the Dark Arts☆34Sep 15, 2019Updated 6 years ago
- A lightweight C++/C AFF4 reader library☆14Feb 5, 2026Updated last week
- Rules Shared by the Community from 100 Days of YARA 2023 -☆18Apr 10, 2023Updated 2 years ago
- Threat Detection System using Hybrid (Machine Learning + Lexical Analysis) learning Approach.☆11May 30, 2017Updated 8 years ago
- Knowing which rule should trigger according to the redcannary test☆11Nov 23, 2024Updated last year
- Detection Ideas & Rules repository.☆178Sep 10, 2021Updated 4 years ago
- ☆2,383Oct 14, 2023Updated 2 years ago
- Detect webshells dropped on Microsoft Exchange servers exploited through "proxylogon" group of vulnerabilites (CVE-2021-26855, CVE-2021-2…☆99Mar 16, 2021Updated 4 years ago
- Event Tracing For Windows (ETW) Resources☆417Oct 30, 2025Updated 3 months ago
- Parser for Sdba memory pool tags☆21Jul 16, 2021Updated 4 years ago
- ☆17Jan 22, 2026Updated 3 weeks ago
- ☆48Feb 1, 2026Updated 2 weeks ago
- pollen - A command-line tool for interacting with TheHive☆36Jun 6, 2019Updated 6 years ago
- Registry timestamp manipulation☆17Feb 26, 2014Updated 11 years ago