Threat-Hunting-With-Splunk
Threat detection queries
Provides Splunk queries to detect vulnerability exploitation attempts and subsequent compromise, including threat hunting for MITRE ATT&CK TTPs
Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise
58 stars
3 watching
8 forks
last commit: 8 months ago
Linked from 1 awesome list
Topics: arcanedoor, bpfdoor, bpfdoor-detection, cve-2024-20353, cve-2024-20359, detection, detection-engineering, esxi-malware, esxi-ransomware, line-dancer, line-runner, mitre-attack, rtm-locker, splunk, text4shell, vulnerability
Related projects:
Repository | Description | Stars
---|---|---
inodee/threathunting-spl | Provides Splunk code and prototypes for building rules and queries to detect malicious activity | 268
olafhartong/threathunting | A Splunk application designed to guide threat hunts by mapping investigations to the MITRE ATT&CK framework | 1,141
sbousseaden/slides | Collection of resources and concepts for threat hunting and detection engineering | 372
sapphirex00/threat-hunting | A collection of threat intelligence resources and tools for analyzing APT malware | 257
sk4la/plast | A modular threat-hunting tool framework for detecting indicators of compromise in incident-response operations | 17
a3sal0n/cyberthreathunting | A collection of tools and resources for threat hunters to identify and respond to cyber threats | 861
splunk/security_content | Delivers threat intelligence and detection capabilities to Splunk Enterprise Security | 1,314
gauravnarwani97/trishul | Automated vulnerability detection tool for web applications | 235
sbousseaden/pcap-attack | A collection of PCAP captures used to demonstrate post-exploitation techniques and threat hunting tactics | 346
bugcrowd/hunt | An extension for Burp Suite that provides a structured approach to identifying and testing common vulnerability parameters | 2,192
xnl-h4ck3r/gap-burp-extension | An extension for Burp Suite that identifies potential security vulnerabilities in web applications by analyzing endpoints and parameters and generating custom target wordlists | 1,280
secdec/attack-surface-detector-burp | Identifies web app endpoints and parameters to help detect vulnerabilities | 98
mdecrevoisier/splunk-input-windows-baseline | Provides an advanced Splunk configuration for collecting Windows log data relevant to threat detection, incident response, and forensic analysis | 85
initroot/burpsqltruncsanner | Automatically scans endpoints for potential SQL truncation vulnerabilities by fuzzing request parameters | 62
splunk/botsv2 | A comprehensive security dataset and CTF platform for analysis and training of information security professionals | 358