mirror of
https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries
synced 2026-06-08 17:17:21 +00:00
31 lines
931 B
Markdown
# ATT&CK Mapped SentinelOne Queries
MITRE ATT&CK mapped queries for SentinelOne Deep Visibility

This project aims to document SentinelOne Deep Visibility queries for detecting Windows TTPs generated by Red Canary's Atomic Red Team framework. These queries have been crafted and tested on the Liberty console release and should support Deep Visibility 3.0. We recommend that your Sentinel Agents be on 4.2.x or newer, as some of the indicator data being queried is only collected by newer agents.
## Tactics
[Privilege Escalation](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/PrivilegeEscalation.md)

[Defense Evasion](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/master/DefenseEvasion.md)

[Persistence]()

[Impact]()

[Discovery]()

[Command and Control]()

[Collection]()

[Execution]()

[Exfiltration]()

[Credential Access]()

[Lateral Movement]()

[Initial Access]()