Liongard Library

Welcome to Liongard Library, where Lions share! This is a community-led space where Liongard users can come to teach and learn from one another.
Share custom Metrics, get inspired and see what’s trending in the Pride.

Pride Etiquette:
➕ Have great custom Metrics? Add them as entries!
🌟 Want to use a Metric? Copy the query and follow this doc.
👍 Tried a Metric from the Library? Like it!
📣 Have a question or feedback on a Metric? Add a comment!
🔎 Not sure where to start? Learn about Metrics and how to write them.
💬 Need help writing a metric or want to help support others? Join the conversation in our Liongard Lounge #metrics slack channel.


🥴 See something off? Open a support chat to let us know.

Categories SentinelOne
Created by Chris Towle
Created on Sep 21, 2021

SentinelOne: Group in Detect Mode

This metric finds any Group whose policy is set to detect mode. It is useful for alerting when a client should be in protect mode.

Query

Groups[?GroupPolicyInformation.mitigationMode=='detect' || GroupPolicyInformation.mitigationModeSuspicious=='detect'].{GroupName: name, mitigationMode: GroupPolicyInformation.mitigationMode, mitigationModeSuspicious: GroupPolicyInformation.mitigationModeSuspicious}
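
To check what the query flags before wiring it to an alert, the following added example (not part of the original entry, and not Liongard's code) mirrors the query's filter and projection in plain Python over constructed data. Only the fields the query references are modelled; the group names and the helper `groups_without_policy` are hypothetical.

```python
# Constructed sample data: only the fields named in the query are modelled;
# nothing else about the SentinelOne inspector payload is assumed.
SAMPLE = {
    "Groups": [
        {"name": "Workstations", "GroupPolicyInformation":
            {"mitigationMode": "protect", "mitigationModeSuspicious": "protect"}},
        {"name": "Servers", "GroupPolicyInformation":
            {"mitigationMode": "protect", "mitigationModeSuspicious": "detect"}},
        {"name": "Pilot", "GroupPolicyInformation":
            {"mitigationMode": "detect", "mitigationModeSuspicious": "detect"}},
        {"name": "Unassigned"},  # no policy block at all
    ]
}


def groups_in_detect_mode(data):
    """Mirror of the query: same filter, same three projected keys."""
    hits = []
    for group in data.get("Groups") or []:
        policy = group.get("GroupPolicyInformation") or {}
        mode = policy.get("mitigationMode")
        suspicious = policy.get("mitigationModeSuspicious")
        # Same OR as the query: either setting in detect flags the group,
        # so a group that protects against threats but only detects
        # suspicious activity is still reported.
        if mode == "detect" or suspicious == "detect":
            hits.append({"GroupName": group.get("name"),
                         "mitigationMode": mode,
                         "mitigationModeSuspicious": suspicious})
    return hits


def groups_without_policy(data):
    """Hypothetical companion check: groups the query can never match,
    because a missing field compares as null and null != 'detect'."""
    return [g.get("name") for g in data.get("Groups") or []
            if not (g.get("GroupPolicyInformation") or {}).get("mitigationMode")]


if __name__ == "__main__":
    for hit in groups_in_detect_mode(SAMPLE):
        print("detect mode:", hit)
    print("no policy data:", groups_without_policy(SAMPLE))
```

An empty result from the query therefore means "no group reported detect mode", not "every group is in protect mode"; groups with no policy data are silently skipped.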
