Code is missing the ability to properly convert the --query option to the SentinelOne S1QL query language. ProcessName search is not currently supported with --query. Additionally, it is recommended that containsCIS or contains anycase be used in most or all cases for best search results.
This can be reproduced by using the --query parameter when running surveyor against SentinelOne.