All CosmicBytez Labs articles tagged #forensics, across news, security advisories, how-to guides, and projects.
Deploy Velociraptor for endpoint visibility, run fleet-wide hunts, collect forensic artifacts, and accelerate incident response with VQL queries.
Deploy Velociraptor — the open-source DFIR platform — to collect forensic artifacts, run live endpoint hunts with VQL, and build an incident response...
This document provides a comprehensive comparison between SentinelOne Singularity Control and Singularity Complete SKUs to help MSP teams understand the...
Organizations using SentinelOne Singularity Complete receive 14 to 365+ days of Deep Visibility EDR data retention by default. This historical telemetry...
Deep Visibility is SentinelOne's EDR telemetry engine that provides comprehensive endpoint data collection for threat hunting, incident investigation, and...
Deploy, manage, and validate SentinelOne security policies across your endpoint estate using the SentinelOne Management API. This automated workflow supports:
During threat investigations, security analysts need to retrieve suspicious files from endpoints for deeper forensic analysis. Traditional methods...
This document provides comprehensive procedures for forensic evidence collection, ransomware rollback, and threat remediation using SentinelOne Complete...
Proactive threat hunting is essential for identifying sophisticated threats that evade automated detection systems. This script automates the process of...
This guide provides comprehensive best practices for configuring SentinelOne policies in MSP environments managing multiple client sites with Singularity...
Full Remote Shell is a SentinelOne Complete feature that provides authorized administrators with secure, native command-line access to managed endpoints...
Storyline Active Response (STAR) is SentinelOne's cloud-based automated hunting, detection, and response engine that allows security teams to create...
When SentinelOne detects a threat on an endpoint, security analysts must quickly investigate the alert to determine if it's a genuine malware infection,...
Understanding the complete attack chain requires correlating hundreds of events (process creation, network connections, file modifications, registry...
Step-by-step incident response checklist following NIST SP 800-61 framework. Covers preparation, detection, containment, eradication, recovery, and...