restructure of directory contents

2020-09-27 11:14:21 -05:00
parent 54bfe573f7
commit 9da3392c99
13 changed files with 15 additions and 15 deletions
+13 -13
@@ -1,5 +1,5 @@
# ATT&CK Mapped SentinelOne Queries
MITRE ATT&CK mapped queries for SentinelOne Deep Visiblity
[MITRE ATT&CK](https://attack.mitre.org/) mapped queries for SentinelOne Deep Visiblity
This project aims to document SentinelOne Deep Visibility queries for detecting Windows TTPs generated by Red Canary Co's Atomic Red Team framework. Not all techniques documented within the Atomic Red Team project will have matching queries, due to limited data sources within SentinelOne some detections will be limited; we'll eventually expand beyond A.R.T. and just call these ATT&CK mapped queries, but I like the idea of having a framework to test these detections.
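Review bot: the rewritten description line under the title still spells "Visiblity"; since that line is being touched anyway, correct it to "Visibility" to match the spelling in the paragraph that follows. Adding the MITRE ATT&CK link is also unrelated to the directory restructure named in the commit message, so it would read more cleanly as its own commit.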
@@ -7,29 +7,29 @@ This project aims to document SentinelOne Deep Visibility queries for detecting
## Tactics (COMPLETED)
[Privilege Escalation](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/PrivilegeEscalation.md)
[Privilege Escalation](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/Tactics/PrivilegeEscalation.md)
[Initial Access](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/InitialAccess.md)
[Initial Access](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/Tactics/InitialAccess.md)
[Persistence](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/Persistence.md)
[Persistence](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/Tactics/Persistence.md)
[Execution](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/Execution.md)
[Execution](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/Tactics/Execution.md)
[Lateral Movement](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/LateralMovement.md)
[Lateral Movement](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/Tactics/LateralMovement.md)
## Tactics (IN PROGRESS)
[Defense Evasion](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/DefenseEvasion.md)
[Defense Evasion](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/Tactics/DefenseEvasion.md)
[Impact](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/Impact.md)
[Impact](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/Tactics/Impact.md)
[Discovery](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/Discovery.md)
[Discovery](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/Tactics/Discovery.md)
[Command and Control](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/CommandAndControl.md)
[Command and Control](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/Tactics/CommandAndControl.md)
[Collection](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/Collection.md)
[Collection](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/Tactics/Collection.md)
[Exfiltration](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/Exfiltration.md)
[Exfiltration](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/Tactics/Exfiltration.md)
[Credential Access](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/CredentialAccess.md)
[Credential Access](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/Tactics/CredentialAccess.md)
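Review bot: every updated link in both Tactics lists remains an absolute github.com URL pinned to blob/master, which is why moving the files required editing all 12 entries here. Relative links such as Tactics/PrivilegeEscalation.md would resolve on forks, mirrors and other branches and would need less churn on the next move. The old top-level paths will also stop resolving for anyone who linked to them, so a short note about the move in the README would help.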