Sniffing out well-known threat groups

PowerShell module for SentinelOne API

This collection provides several unofficial ansible modules and roles to use with SentinelOne management consoles

PowerShell wrapper for the SentinelOne API

Scripts played by GitHub Actions that converts Sigma rules to SentinelOne PowerQuery via PySigma.

This project shows a graphical view of the process executions relationship in a tree format (HTML version)

Installs and configures the SentinelONE client

Parse SBS-1 Messages and upload to SentinelOne DataSet using Rust

A userscript that enhances the SentinelOne PowerQuery interface with a custom threat hunting button that follow the website UI / UX design interface.

Monitoring plugin (Icinga/Nagios compatible) to check the presence of threats on the SentinelOne Cloud service

Parse SBS-1 Messages and upload to SentinelOne DataSet using Go

Containerized—ROOTLESS—syslog-ng service that securely forwards system, firewall, and security logs to SentinelOne's Data Lake via HEC API. Optimized for performance, security, and enterprise deployment.

Docker-based Scalyr (SentinelOne) agent for macOS (Intel & Apple Silicon). Ships host logs by default, easily extended for Docker JSON logs.

s1-collector-install-packages

Log Volume Calculator (WIP)

SentinelOne rules and queries for threat detection engineering.

Complete syslog toolkit for SentinelOne SDL; Three solutions: Simple collector; 3-in-1 pipeline; rootless high-performance; Choose based on complexity needs; Docker + official S1 support

Stream syslog events directly into SentinelOne AI SIEM using a Dockerized collector. This project offers a clear, step-by-step guide, making it accessible for anyone looking to get started with log ingestion on Ubuntu or Mac (local testing), regardless of prior Linux or Docker experience.

Production-ready Docker syslog collector with multi-source differentiation for SentinelOne SIEM integration

Log Volume Calculator (WIP)