SentinelOne Query Library

The SentinelOne Query library provides example Deep Visibility™ S1QL queries for users to start with and for advanced query resources. It includes sections for basic and advanced event queries, as well as professional threat hunting queries from the SentinelOne Research team. Users can run, copy, or save queries as custom rules directly from the library.

Source: SentinelOne Query library, https://community.sentinelone.com/s/article/000006188

SentinelOne Query library

Last Updated: Dec 31, 2024

Supported from Management Version (https://community.sentinelone.com/s/article/000004935): Petra

Supported from Agent Version (https://community.sentinelone.com/s/article/000004968): Windows 4.4 | macOS 4.3 | macOS Kextless 4.6 | Linux 4.4 | K8s 4.4

This feature requires SKU: Singularity™ Complete

Objective: The SentinelOne query library gives you example Deep Visibility™ S1QL queries that you can use to get started with Deep Visibility™, and as a resource for more advanced queries.
Each time you open a new tab in Hunting, the query library shows under the query builder with these sections:

• Basic Event Queries - Get started with some basic queries to run in your environment.

• Advanced Event Queries - Examples of advanced queries that can be helpful for threat hunting.

• S1 Research Queries - Professional threat hunting queries from the SentinelOne Research team. This includes queries to find indicators of compromise (IOCs) related to threats seen around the world.

• Recent Queries - See queries that you ran recently.

Click a query to run it with the default query settings.

Actions from the Query Library

From each query in the library, click the ellipses (...) for these options:
• Copy Query - Copy the query to your clipboard.

• Run Query - The query runs with the default query settings.

• Save as rule - Save the query as a Custom Rule. See STAR Custom Rules (https://community.sentinelone.com/s/article/000006201) for more details.
