keyboardcrunch 9b036e6363 Update README.md
2020-09-15 22:42:25 -05:00

# ATT&CK Mapped SentinelOne Queries

MITRE ATT&CK mapped queries for SentinelOne Deep Visibility

This project aims to document SentinelOne Deep Visibility queries for detecting the Windows TTPs generated by Red Canary's Atomic Red Team framework. The queries have been crafted and tested on the Liberty console release and should support Deep Visibility 3.0. We recommend that your Sentinel Agents be on 4.2.x or newer, as some of the indicator data being queried is only collected by newer agents.

## Tactics

- Privilege Escalation
- Defense Evasion
- Persistence
- Impact
- Discovery
- Command and Control
- Collection
- Execution
- Exfiltration
- Credential Access
- Lateral Movement
- Initial Access