Threat-Hunting-With-Splunk
Threat detection queries
Provides Splunk queries to detect vulnerability exploitation attempts and subsequent compromise, including threat hunting for MITRE ATT&CK TTPs
Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise
57 stars
3 watching
8 forks
last commit: 7 months ago
Linked from 1 awesome list
arcanedoorbpfdoorbpfdoor-detectioncve-2024-20353cve-2024-20359detectiondetection-engineeringesxi-malwareesxi-ransomwareline-dancerline-runnermitre-attackrtm-lockersplunktext4shellvulnerability
infosecb/awesome-detection-engineeringRelated projects:
| Repository | Description | Stars |
|---|---|---|
 inodee/threathunting-spl | Provides Splunk code and prototypes for building rules and queries to detect malicious activity | 266 |
 olafhartong/threathunting | A Splunk application designed to guide threat hunts by mapping investigations to the MITRE ATT&CK framework | 1,139 |
 sbousseaden/slides | Collection of resources and concepts for threat hunting and detection engineering. | 372 |
 sapphirex00/threat-hunting | A collection of threat intelligence resources and tools for analyzing APT malware | 255 |
 sk4la/plast | A modular threat-hunting tool framework for detecting indicators of compromise in incident-response operations. | 17 |
 a3sal0n/cyberthreathunting | A collection of tools and resources for threat hunters to identify and respond to cyber threats. | 856 |
 splunk/security_content | Delivers threat intelligence and detection capabilities to Splunk Enterprise Security | 1,295 |
 gauravnarwani97/trishul | Automated vulnerability detection tool for web applications | 234 |
| sbousseaden/pcap-attack | A collection of PCAP captures used to demonstrate post-exploitation techniques and threat hunting tactics. | 344 |
 bugcrowd/hunt | An extension for Burp Suite that provides a structured approach to identifying and testing common vulnerability parameters. | 2,183 |
 xnl-h4ck3r/gap-burp-extension | An extension for Burp Suite that identifies potential security vulnerabilities in web applications by analyzing endpoints, parameters, and generating custom target wordlists. | 1,253 |
 secdec/attack-surface-detector-burp | Identifies web app endpoints and parameters to help detect vulnerabilities | 98 |
 mdecrevoisier/splunk-input-windows-baseline | Provides an advanced Splunk configuration for collecting Windows log data relevant to threat detection, incident response, and forensic analysis. | 81 |
 initroot/burpsqltruncsanner | Automatically scans endpoints for potential SQL Truncation vulnerabilities by fuzzing request parameters | 61 |
| splunk/botsv2 | A comprehensive security dataset and CTF platform for analysis and training of information security professionals. | 358 |