S1SuperTimeline
A command line tool that creates a super timeline from SentinelOne's Deep Visibility data
What does it do?
The script accepts a S1QL query and returns a XLSX document with all the data. The script has mulithreading capabilities and allows the user to break up queries by minute increments. This method automates downloading datasets that are over 20K records (Deep Visibility's limit). For example, a hosts entire deep visbility history could be downloaded using this script. Assuming you do not go over 1,048,576 records (xlsx limit).
How to run it
Install dependencies
pip install -r requirements.txt
Run
# Hour Increments (60 min)
python3 s1_supertimeline.py -t my_api_token -url sentinelone.com -from 2020-01-01T00:00 -to 2020-01-01T12:30 -min 60
Help Page
python3 s1_supertimeline.py -h
usage: s1_supertimeline.py [-h] -t S1_API_TOKEN -url S1_URL -from FROM_DATE -to TO_DATE -min MIN_INCREMENTS [-u]
SentinelOne SuperTimeline :: By Juan Ortega
options:
-h, --help show this help message and exit
Required Arguments:
-t S1_API_TOKEN, --s1_api_token S1_API_TOKEN
SentinelOne API Token
-url S1_URL, --s1_url S1_URL
SentinelOne Console Url
-from FROM_DATE, --from_date FROM_DATE
From Date. Format YYYY-MM-DDTHH:MM or YYYY-MM-DD
-to TO_DATE, --to_date TO_DATE
To Date. Format YYYY-MM-DDTHH:MM or YYYY-MM-DD
-min MIN_INCREMENTS, --min_increments MIN_INCREMENTS
Minute increments to split time date range by
-u, --utc Accepts --date_from/--date_to as UTC, Default is local time
Troubleshooting
If you have issues running the script. Try installing tablib like this:
pip install "tablib['xlsx']"
659 Dec 28, 2022
190 Jan 05, 2023
1 Feb 02, 2022
31 Dec 20, 2022
19 Jul 20, 2022
3 Mar 23, 2022
1 Oct 28, 2021
4.8k Dec 30, 2022
5 Oct 02, 2022
55 Dec 27, 2022
5 Feb 20, 2022
37 Dec 15, 2022
3.2k Jan 09, 2023
146 Dec 07, 2022
1 Jan 01, 2022
1.3k Dec 28, 2022
19 Jan 21, 2022
![[Ͼ⁴] Ƶephyr](https://avatars.githubusercontent.com/u/76829032?v=4&s=60)
2 Dec 02, 2021
6 Dec 31, 2021
6 Dec 29, 2022