Splunk-input-windows-baseline
Windows log collector
Provides an advanced Splunk configuration for collecting Windows log data relevant to threat detection, incident response, and forensic analysis.
Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event log mapped to the MITRE Att&CK
85 stars
5 watching
10 forks
last commit: 3 months ago
Linked from 1 awesome list
stuhli/awesome-event-idsRelated projects:
| Repository | Description | Stars |
|---|---|---|
| mdecrevoisier/evtx-to-mitre-attack | Provides Windows log event indicators mapped to MITRE ATT&CK tactic and techniques | 532 |
 anssi-fr/dfir-o365rc | A PowerShell module for collecting and analyzing logs from Microsoft 365 and Azure systems | 252 |
| mdecrevoisier/microsoft-eventlog-mindmap | Provides detailed mindmaps on Microsoft auditing capacities and event logs for security and monitoring | 1,048 |
 west-wind/threat-hunting-with-splunk | Provides Splunk queries to detect vulnerability exploitation attempts and subsequent compromise, including threat hunting for MITRE ATT&CK TTPs | 58 |
 inodee/threathunting-spl | Provides Splunk code and prototypes for building rules and queries to detect malicious activity | 268 |
 spujadas/elk-docker | A pre-configured Docker image for Elasticsearch, Logstash, and Kibana to facilitate log management and analysis. | 2,160 |
 securityjoes/forensicminer | Automates evidence collection and analysis from Windows machines using PowerShell. | 149 |
 nshalabi/sysmontools | Utilities for analyzing and visualizing Windows event logs from Sysmon, helping users track and monitor system activity. | 1,492 |
 splunk/botsv2 | A comprehensive security dataset and CTF platform for analysis and training of information security professionals. | 358 |
 danielmartensson/opensourcelogger | Software for collecting and analyzing measurement data from industrial equipment. | 18 |
 thiber-org/userline | Automates analysis of Windows Security Events to identify user logon relations | 241 |
 mlsecproject/combine | Tool to gather Threat Intelligence indicators from publicly available sources | 657 |
 jscu-nl/logging-essentials | Provides guidance on configuring and collecting Windows event logs to enhance forensic analysis and incident response capabilities. | 276 |
 yamato-security/wela | Analyzes Windows Event Logs to identify security-related events and provides forensic tools for incident response. | 769 |
 improsec/sharpeventpersist | Tools to write and read shellcode from Event Log using C# and Windows persistence mechanisms | 367 |