# Solutions/SentinelOne/Hunting Queries/SentinelOneScannedHosts.yaml
id: 17c77743-8bdb-4d29-a3cb-a7a08676122f
name: Sentinel One - Scanned hosts
description: |
  'Query searches for hosts with a completed full scan.'
severity: Low
requiredDataConnectors:
  - connectorId: SentinelOne
    dataTypes:
      - SentinelOne
tactics:
  - DefenseEvasion
relevantTechniques:
  - T1070
query: |
  SentinelOne
  | where TimeGenerated > ago(24h)
  // ActivityType 92 is the activity this query uses for a completed full scan
  | where ActivityType == 92
  | order by TimeGenerated
  | project EventCreationTime, DataComputerName
  | extend HostCustomEntity = DataComputerName
entityMappings:
  - entityType: Host
    fieldMappings:
      - identifier: HostName
        columnName: HostCustomEntity