The Big Data Blog


How a Single Behavioral Indicator in SentinelOne Uncovered a Full Infostealer Attack
Okay, I know — another SentinelOne article. But hear me out. What I'm about to show you changed how you think about detection engineering, and I genuinely can't stop thinking about it. If you've been following this series, you already know I covered the Detection Center in the last article. https://www.cyberengage.org/post/sentinelone-detection-center-library-rules-emerging-threats-and-what-it-all-actually-means Go check that one out if you haven't — link at the top. But tod
32 minutes ago · 2 min read


Browser Forensics Just Got Way Easier — And It's Free
Okay let me be real with you for a second. Browser forensics manually? It's a pain. You're digging through SQLite databases, remembering artifact locations, writing queries — and if you're doing it with free tools, it only gets worse. I actually built a full series on how to do this manually if you want to go deep on it — link here: https://www.cyberengage.org/courses-1/introducing%3A-browser-forensics-%E2%80%93-your-ultimate-guide-to-manual-analysis But today? I found a tool
3 days ago · 2 min read


SentinelOne Detection Center — Library Rules, Emerging Threats, and What It All Actually Means
Okay so if you've been following this SentinelOne series, you know we've covered a lot of ground. Complete Series: https://www.cyberengage.org/courses-1/mastering-sentinelone%3A-a-comprehensive-guide-to-deep-visibility%2C-threat-hunting%2C-and-advanced-querying%22 But this one is genuinely exciting — SentinelOne just dropped something that takes a big burden off security teams, especially those who don't have the time or expertise to write custom detection rules from scratch.
6 days ago · 5 min read


OAlerts.evtx — The Hidden Microsoft Office Evidence Log
Most people have never heard of it. But when someone opened a suspicious file, deleted emails to cover their tracks, or tried to access an encrypted document they weren't supposed to — Office quietly wrote it all down. Wait, What Even Is OAlerts? Okay let me start with a question. You know when you're about to close a Word document and it hasn't been saved, and that littl
Mar 2 · 4 min read


SRUM-DUMP v3: A Practical Guide to Windows Forensics with the New GUI and Feature
Intro In previous articles we covered ESEDatabaseView for raw database exploration, and SrumECmd for fast command-line parsing. https://www.cyberengage.org/post/how-to-use-srumecmd-to-parse-and-analyze-srudb-dat-files https://www.cyberengage.org/post/examining-srum-with-esedatabaseview This article introduces a fourth approach: SRUM-DUMP v3. Version 3 is a significant redesign from 2.6. If you wanna learn or see how version 2.6 works, check out the article below: https://www.cybere
Feb 28 · 7 min read
Ready to discuss:
- Schedule a call for a consultation
- Message me via "Let's Chat" for quick questions
Let's connect!