threathunting-spl
Splunk query library
Provides Splunk code and prototypes for building rules and queries to detect malicious activity
Splunk code (SPL) for serious threat hunters and detection engineers.
268 stars
25 watching
41 forks
last commit: about 1 year ago
Linked from 1 awesome list
rulessiemsplsplunkthreat-huntinguse-case
infosecb/awesome-detection-engineeringRelated projects:
| Repository | Description | Stars |
|---|---|---|
 west-wind/threat-hunting-with-splunk | Provides Splunk queries to detect vulnerability exploitation attempts and subsequent compromise, including threat hunting for MITRE ATT&CK TTPs | 58 |
 olafhartong/threathunting | A Splunk application designed to guide threat hunts by mapping investigations to the MITRE ATT&CK framework | 1,141 |
 sbousseaden/slides | Collection of resources and concepts for threat hunting and detection engineering. | 372 |
 splunk/security_content | Delivers threat intelligence and detection capabilities to Splunk Enterprise Security | 1,319 |
 threathuntingproject/threathunting | An informational repository providing resources and knowledge for detecting adversaries in IT environments. | 1,726 |
 gossithedog/threathunting | Tools and rules for detecting malicious domain calls in endpoint malware | 570 |
 miladaslaner/threathunt | A PowerShell repository to simulate and train threat hunting skills without malicious files. | 134 |
| splunk/attack_range | A tool to simulate attacks against virtual environments and collect data into Splunk for detection development | 2,181 |
 a3sal0n/cyberthreathunting | A collection of tools and resources for threat hunters to identify and respond to cyber threats. | 861 |
 inquest/threatingestor | Extracts and aggregates threat intelligence from various sources | 836 |
 threathunters-io/laurel | Converts Linux audit logs into standardized JSON format for enhanced security monitoring | 722 |
 sk4la/plast | A modular threat-hunting tool framework for detecting indicators of compromise in incident-response operations. | 17 |
| splunk/botsv2 | A comprehensive security dataset and CTF platform for analysis and training of information security professionals. | 358 |
 ninoseki/mihari | An aggregator tool for querying multiple services to gather threat intelligence data. | 870 |
 phantomcyber/playbooks | Community-developed playbooks and custom functions for Splunk SOAR threat hunting and incident response | 478 |