A command line tool that creates a super timeline from SentinelOne's Deep Visibility data

Related tags

Command-line ToolsS1SuperTimeline
Overview

S1SuperTimeline

A command line tool that creates a super timeline from SentinelOne's Deep Visibility data

What does it do?

The script accepts a S1QL query and returns a XLSX document with all the data. The script has mulithreading capabilities and allows the user to break up queries by minute increments. This method automates downloading datasets that are over 20K records (Deep Visibility's limit). For example, a hosts entire deep visbility history could be downloaded using this script. Assuming you do not go over 1,048,576 records (xlsx limit).

How to run it

Install dependencies

pip install -r requirements.txt

Run

# Hour Increments (60 min)
python3 s1_supertimeline.py -t my_api_token -url sentinelone.com -from 2020-01-01T00:00 -to 2020-01-01T12:30 -min 60

Help Page

python3 s1_supertimeline.py -h

usage: s1_supertimeline.py [-h] -t S1_API_TOKEN -url S1_URL -from FROM_DATE -to TO_DATE -min MIN_INCREMENTS [-u]

SentinelOne SuperTimeline :: By Juan Ortega 
   
    

options:
  -h, --help            show this help message and exit

Required Arguments:
  -t S1_API_TOKEN, --s1_api_token S1_API_TOKEN
                        SentinelOne API Token
  -url S1_URL, --s1_url S1_URL
                        SentinelOne Console Url
  -from FROM_DATE, --from_date FROM_DATE
                        From Date. Format YYYY-MM-DDTHH:MM or YYYY-MM-DD
  -to TO_DATE, --to_date TO_DATE
                        To Date. Format YYYY-MM-DDTHH:MM or YYYY-MM-DD
  -min MIN_INCREMENTS, --min_increments MIN_INCREMENTS
                        Minute increments to split time date range by
  -u, --utc             Accepts --date_from/--date_to as UTC, Default is local time

Troubleshooting

If you have issues running the script. Try installing tablib like this:

pip install "tablib['xlsx']"
Owner
Juan Ortega
Engineering. Incident Response. Network, Memory, and Disk Forensics. Python.
Juan Ortega
GitHub Repository
Professor Wordlist is a free open source command line tool written in python

Professor Wordlist is a free open source command line tool written in python, With the aim of generating custom wordlists with a variety of unique parameters and functions providing many possibilitie

オークO A K Z E H オーク 1 Oct 28, 2021
A dashboard for your Terminal written in the Python 3 language,

termDash is a handy little program, written in the Python 3 language, and is a small little dashboard for your terminal, designed to be a utility to help people, as well as helping new users get used

Rebecca White 2 Dec 03, 2021
MiShell is a multi-platform, multi-architecture project based on the first version (MiShell32)

MiShell is a multi-platform, multi-architecture project based on the first version (MiShell32), which offers super super small reverse shell payloads great for injection in buffer overflow vulnerabil

Kamyar Hatamnezhad 0 Oct 27, 2022
Animefetch is an anime command-line system information tool written in python

Animefetch - v0.0.3 An anime command-line system information tool written in python. Description Animefetch is an anime command-line system informatio

Thadeuks 6 Jun 17, 2022
A simple command line dumper written in Python 3.

A simple command line dumper written in Python 3.

ImFatF1sh 1 Oct 10, 2021
A powerful, colorful, beautiful command-line-interface for pypi.org

pypi-command-line pypi-command-line is a colorful, powerful, and beautiful command line interface for pypi.org that is actively maintained Detailed Do

Wasi Master 32 Jun 23, 2022
Color preview command-line tool written in python

Color preview command-line tool written in python

Arnau 1 Dec 27, 2021
Password manager for the CLI simps.

CLI Password Manager Password manager for the CLI simps. Free software: MIT license

1 Dec 30, 2021
Simple CLI tool to track your cryptocurrency portfolio in real time.

Simple tool to track your crypto portfolio in realtime. It can be used to track any coin on the BNB network, even obscure coins that are not listed or trackable by major portfolio tracking applicatio

Trevor White 69 Oct 24, 2022
A command line interface to interact with the Hypixel api allowing the user to get stats, leaderboards, etc

HyConsole is a way to get data on players and leaderboards from the Hypixel Minecraft server from the command line. Keep in mind I have no a

1 Feb 14, 2022
A command line application, written in Python, for interacting with Spotify.

spotify-py-cli A command line application, written in Python, for interacting with Spotify. The primary purpose behind developing this app was to gain

Drew Loukusa 0 Oct 07, 2021
CLI tool that helps manage shell libraries.

shmgr CLI tool that helps manage shell libraries. Badges 📛 project status badges: version badges: tools / frameworks used by test suite (i.e. used by

Bryan Bugyi 0 Dec 15, 2021
AthenaCLI is a CLI tool for AWS Athena service that can do auto-completion and syntax highlighting.

Introduction AthenaCLI is a command line interface (CLI) for the Athena service that can do auto-completion and syntax highlighting, and is a proud me

dbcli 192 Jan 07, 2023
Convert markdown to HTML using the GitHub API and some additional tweaks with Python.

Convert markdown to HTML using the GitHub API and some additional tweaks with Python. Comes with full formula support and image compression.

phseiff 70 Dec 23, 2022
CPOST is a CLI tool to assist with the proper sizing of Clara Deploy pipelines

CPOST (Clara Pipeline Operator Sizing Tool) Tool to measure resource usage of Clara Platform pipeline operators Cpost is a tool that will help you run

NVIDIA Corporation 5 Sep 27, 2021
Freaky fast fuzzy Denite/CtrlP matcher for vim/neovim

Freaky fast fuzzy Denite/CtrlP matcher for vim/neovim This is a matcher plugin for denite.nvim and CtrlP.

Raghu 113 Sep 29, 2022
frogtrade9000 - a command-line Rich client for the freqtrade REST API

frogtrade9000 - a command-line Rich client for the freqtrade REST API I found FreqUI too cumbersome and slow on my Raspberry Pi 400 when running multi

Robert Davey 79 Dec 02, 2022
A python Ethereum utilities command-line tool.

peth-cli A python Ethereum utilities command-line tool. After wasting the all day trying to install seth and failed, I took another day to write this.

Moon 55 Nov 15, 2022
A Python command-line utility for validating that the outputs of a given Declarative Form Azure Portal UI JSON template map to the input parameters of a given ARM Deployment Template JSON template

A Python command-line utility for validating that the outputs of a given Declarative Form Azure Portal UI JSON template map to the input parameters of a given ARM Deployment Template JSON template

Glenn Musa 1 Feb 03, 2022
img-proof (IPA) provides a command line utility to test images in the Public Cloud

overview img-proof (IPA) provides a command line utility to test images in the Public Cloud (AWS, Azure, GCE, etc.). With img-proof you can now test c

13 Jan 07, 2022