Threat-Hunting-With-Splunk

Threat detection queries

Provides Splunk queries to detect vulnerability exploitation attempts and subsequent compromise, including threat hunting for MITRE ATT&CK TTPs

Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise

GitHub

58 stars
3 watching
8 forks
last commit: 8 months ago
Linked from 1 awesome list

arcanedoorbpfdoorbpfdoor-detectioncve-2024-20353cve-2024-20359detectiondetection-engineeringesxi-malwareesxi-ransomwareline-dancerline-runnermitre-attackrtm-lockersplunktext4shellvulnerability

Backlinks from these awesome lists:

Related projects:

Repository Description Stars
inodee/threathunting-spl Provides Splunk code and prototypes for building rules and queries to detect malicious activity 268
olafhartong/threathunting A Splunk application designed to guide threat hunts by mapping investigations to the MITRE ATT&CK framework 1,141
sbousseaden/slides Collection of resources and concepts for threat hunting and detection engineering. 372
sapphirex00/threat-hunting A collection of threat intelligence resources and tools for analyzing APT malware 257
sk4la/plast A modular threat-hunting tool framework for detecting indicators of compromise in incident-response operations. 17
a3sal0n/cyberthreathunting A collection of tools and resources for threat hunters to identify and respond to cyber threats. 861
splunk/security_content Delivers threat intelligence and detection capabilities to Splunk Enterprise Security 1,314
gauravnarwani97/trishul Automated vulnerability detection tool for web applications 235
sbousseaden/pcap-attack A collection of PCAP captures used to demonstrate post-exploitation techniques and threat hunting tactics. 346
bugcrowd/hunt An extension for Burp Suite that provides a structured approach to identifying and testing common vulnerability parameters. 2,192
xnl-h4ck3r/gap-burp-extension An extension for Burp Suite that identifies potential security vulnerabilities in web applications by analyzing endpoints, parameters, and generating custom target wordlists. 1,280
secdec/attack-surface-detector-burp Identifies web app endpoints and parameters to help detect vulnerabilities 98
mdecrevoisier/splunk-input-windows-baseline Provides an advanced Splunk configuration for collecting Windows log data relevant to threat detection, incident response, and forensic analysis. 85
initroot/burpsqltruncsanner Automatically scans endpoints for potential SQL Truncation vulnerabilities by fuzzing request parameters 62
splunk/botsv2 A comprehensive security dataset and CTF platform for analysis and training of information security professionals. 358