All CosmicBytez Labs articles tagged #threat-hunting, across news, security advisories, how-to guides, and projects.
Use SQL to query your endpoints like a database. Deploy osquery across Linux and Windows hosts to surface process trees, network connections, user activity, and persistence mechanisms — then build detection queries for real-world threat hunting.
Deploy Velociraptor for endpoint visibility, run fleet-wide hunts, collect forensic artifacts, and accelerate incident response with VQL queries.
Deploy Velociraptor — the open-source DFIR platform — to collect forensic artifacts, run live endpoint hunts with VQL, and build an incident response...
Organizations face security risks from unauthorized applications, malware disguised as legitimate software, and shadow IT installations that bypass...
This document provides a comprehensive comparison between SentinelOne Singularity Control and Singularity Complete SKUs to help MSP teams understand the...
SentinelOne exclusion policies allow security teams to prevent false-positive detections and performance issues by excluding specific files, folders,...
Organizations using SentinelOne Singularity Complete receive 14-365+ days of Deep Visibility EDR data retention by default. This historical telemetry...
Deep Visibility is SentinelOne's EDR telemetry engine that provides comprehensive endpoint data collection for threat hunting, incident investigation, and...
Manual SentinelOne agent installation is used when automated deployment methods (GPO, RMM, SCCM) are unavailable or when installing on standalone...
Deploy, manage, and validate SentinelOne security policies across your endpoint estate using the SentinelOne Management API. This automated workflow supports:
USB drives, external hard drives, and Bluetooth peripherals represent significant security risks in enterprise environments. Malicious actors use USB...
During threat investigations, security analysts need to retrieve suspicious files from endpoints for deeper forensic analysis. Traditional methods...
This document provides comprehensive procedures for forensic evidence collection, ransomware rollback, and threat remediation using SentinelOne Complete...
Organizations deploying SentinelOne endpoint protection require continuous monitoring of agent health to ensure comprehensive threat coverage across their...
Proactive threat hunting is essential for identifying sophisticated threats that evade automated detection systems. This script automates the process of...
The MITRE ATT&CK framework catalogs 14 tactics and 200+ techniques used by adversaries. Security teams need to proactively hunt for these techniques in...
This runbook provides a standardized process for onboarding new MSP clients to SentinelOne Singularity Complete. Following this methodology ensures...
This guide provides comprehensive best practices for configuring SentinelOne policies in MSP environments managing multiple client sites with Singularity...
The SentinelOne Management Console REST API enables automation of administrative tasks, reporting, threat response, and integration with existing security...
This document provides a comprehensive library of production-ready PowerShell scripts for automating SentinelOne operations in an MSP environment. These...
Security Operations Centers (SOCs) face overwhelming alert volumes, complex threat investigations, and resource constraints. Analysts spend hours writing...
Modern enterprise networks contain a complex mix of managed endpoints (workstations, servers), IoT devices (IP cameras, printers, smart building systems),...
Full Remote Shell is a SentinelOne Complete feature that provides authorized administrators with secure, native command-line access to managed endpoints...
This runbook provides comprehensive guidance for integrating SentinelOne Singularity Complete with NinjaRMM and other RMM platforms. Proper RMM...
SentinelOne detects suspicious files but automated malware analysis requires sandbox integration. Manually uploading files to VirusTotal, Joe Sandbox, or...
Security teams face the challenge of detecting organization-specific threats, insider threats, and policy violations that generic detection rules cannot...
Storyline Active Response (STAR) is SentinelOne's cloud-based automated hunting, detection, and response engine that allows security teams to create...
When SentinelOne detects a threat on an endpoint, security analysts must quickly investigate the alert to determine if it's a genuine malware infection,...
Understanding the complete attack chain requires correlating hundreds of events (process creation, network connections, file modifications, registry...
A practical recipe book of Deep Visibility hunts — encoded PowerShell, LOLBin abuse, lateral movement, persistence mechanisms. Each recipe is a copy-paste S1QL.
Deploy a network monitoring stack combining Zeek for protocol analysis and Suricata for intrusion detection, with ELK integration for visualization and...