A command line tool that creates a super timeline from SentinelOne's Deep Visibility data

Related tags

Command-line ToolsS1SuperTimeline
Overview

S1SuperTimeline

A command line tool that creates a super timeline from SentinelOne's Deep Visibility data

What does it do?

The script accepts a S1QL query and returns a XLSX document with all the data. The script has mulithreading capabilities and allows the user to break up queries by minute increments. This method automates downloading datasets that are over 20K records (Deep Visibility's limit). For example, a hosts entire deep visbility history could be downloaded using this script. Assuming you do not go over 1,048,576 records (xlsx limit).

How to run it

Install dependencies

pip install -r requirements.txt

Run

# Hour Increments (60 min)
python3 s1_supertimeline.py -t my_api_token -url sentinelone.com -from 2020-01-01T00:00 -to 2020-01-01T12:30 -min 60

Help Page

python3 s1_supertimeline.py -h

usage: s1_supertimeline.py [-h] -t S1_API_TOKEN -url S1_URL -from FROM_DATE -to TO_DATE -min MIN_INCREMENTS [-u]

SentinelOne SuperTimeline :: By Juan Ortega 
   
    

options:
  -h, --help            show this help message and exit

Required Arguments:
  -t S1_API_TOKEN, --s1_api_token S1_API_TOKEN
                        SentinelOne API Token
  -url S1_URL, --s1_url S1_URL
                        SentinelOne Console Url
  -from FROM_DATE, --from_date FROM_DATE
                        From Date. Format YYYY-MM-DDTHH:MM or YYYY-MM-DD
  -to TO_DATE, --to_date TO_DATE
                        To Date. Format YYYY-MM-DDTHH:MM or YYYY-MM-DD
  -min MIN_INCREMENTS, --min_increments MIN_INCREMENTS
                        Minute increments to split time date range by
  -u, --utc             Accepts --date_from/--date_to as UTC, Default is local time

Troubleshooting

If you have issues running the script. Try installing tablib like this:

pip install "tablib['xlsx']"
Owner
Juan Ortega
Engineering. Incident Response. Network, Memory, and Disk Forensics. Python.
Juan Ortega
GitHub Repository
Get latest astronomy job and rumor news in your command line

astrojobs Tired of checking the AAS job register and astro rumor mill for job news? Get the latest updates in the command line! astrojobs automaticall

Philip Mocz 19 Jul 20, 2022
NudeNet wrapper made to provide a simple cli interface to the library

Nudenet Wrapper. Small warpper script for NudeNet Made to provide a small and easy to use cli interface with the library. You can indicate a single im

1 Oct 20, 2021
Pyrdle - Play Wordle in the CLI. Write an algorithm to play Wordle for you. Ruin all of the fun you've been having

Pyrdle - Play Wordle in the CLI. Write an algorithm to play Wordle for you. Ruin all of the fun you've been having

Charles Tapley Hoyt 11 Feb 11, 2022
A python-based terminal application that displays current cryptocurrency prices

CryptoAssetPrices A python-based terminal application that displays current cryptocurrency prices. Covered Cryptocurrencies Bitcoin (BTC) Ethereum (ET

3 Apr 21, 2022
Command line tool for interacting and testing warehouse components

Warehouse debug CLI Example usage for Zumo debugging See all messages queued and handled. Enable by compiling the zumo-controller with -DDEBUG_MODE_EN

1 Jan 03, 2022
Simple script to download OTA packages from Realme's endpoint.

Realme OTA Downloader CLI tool (based on this C# program) to create requests to the Realme's endpoint. Requirements Python 3.9. pycryptodome. Installa

Roger Ortiz 64 Dec 28, 2022
A tool to manage the study of courses at the university.

todo-cli A tool to manage the study of courses at the university

Quentin 6 Aug 01, 2022
AML Command Transfer. A lightweight tool to transfer any command line to Azure Machine Learning Services

AML Command Transfer (ACT) ACT is a lightweight tool to transfer any command from the local machine to AML or ITP, both of which are Azure Machine Lea

Microsoft 11 Aug 10, 2022
Postgres CLI with autocompletion and syntax highlighting

A REPL for Postgres This is a postgres client that does auto-completion and syntax highlighting. Home Page: http://pgcli.com MySQL Equivalent: http://

dbcli 10.8k Jan 02, 2023
term2048 is a terminal-based version of 2048.

term2048 is a terminal-based version of 2048.

Baptiste Fontaine 798 Nov 21, 2022
cli simple python script to interact with iphone afc api based on python library( tidevice )

afcclient cli simple python script to interact with iphone afc api based on python library( tidevice ) installation pip3 install -U tidevice cp afccli

fyst_14 2 Jul 15, 2022
Colab-xterm allows you to open a terminal in a cell

colab-xterm Colab-xterm allows you to open a terminal in a cell. Usage Install package and load the extension !pip install git+https://github.com/popc

InfuseAI 194 Dec 29, 2022
Set of scripts & tools for converting between numbers and major system encoded words.

major-system-converter Set of scripts & tools for converting between numbers and major system encoded words. Uses phonetics instead of letters to conv

4 Aug 09, 2022
Convert shellcode into :sparkles: different :sparkles: formats!

Bluffy Convert shellcode into ✨ different ✨ formats! Bluffy is a utility which was used in experiments to bypass Anti-Virus products (statically) by f

AD995 305 Dec 17, 2022
dotfilery, configuration, environment settings, automation, etc.

┌┬┐┌─┐┌─┐┌─┐┬ ┬┌┬┐┬ ┬┬┌─┐ │││├┤ │ ┬├─┤│ │ │ ├─┤││ :: bits & bobs, dots & things. ┴ ┴└─┘└─┘┴ ┴┴─┘┴ ┴ ┴ ┴┴└─┘ @megalithic 🚀 Instal

Seth Messer 89 Dec 25, 2022
pypyr task-runner cli & api for automation pipelines.

pypyr task-runner cli & api for automation pipelines. Automate anything by combining commands, different scripts in different languages & applications into one pipeline process.

pypyr 471 Dec 15, 2022
Wordle helper: help you print posible 5-character words based on you input

Wordle Helper This program help you print posible 5-character words based on you

Gwan Thanakrit Juthamongkhon 4 Jan 19, 2022
The project help you to quickly build layouts in terminal,cross-platform

The project help you to quickly build layouts in terminal,cross-platform

gojuukaze 133 Nov 30, 2022
Lsp Plugin for working with Python virtual environments

py_lsp.nvim What is py_lsp? py_lsp.nvim is a neovim plugin that helps with using the lsp feature for python development. It tackles the problem about

Patrick Haller 55 Dec 27, 2022
A super simple wallet application for the NANO cryptocurrency that runs in the terminal

Nano Terminal Wallet A super simple wallet application for the NANO cryptocurrency that runs in the terminal Written in 2021 by NinjaSnail1080 (Discor

9 Jul 22, 2022