DanielSchwartz1 / SplunkForPCAPLinks
The PCAP Analyzer for Splunk includes useful Dashboards to analyze network packet capture files from Wireshark or Network Monitor (.pcap) and network streaming data (Splunk App for Stream). The App includes Dashboards which will show you: - The Top Talker IP's, Protocols, VLANs, Conversations - Detailed overview about IP Conversations, Packet L…
☆43Updated last year
Alternatives and similar repositories for SplunkForPCAP
Users that are interested in SplunkForPCAP are comparing it to the libraries listed below
Sorting:
- Security Onion Elastic Stack☆46Updated 4 years ago
- Bro IDS + ELK Stack to detect and block data exfiltration☆46Updated 6 years ago
- A website and framework for testing NIDS detection☆57Updated 4 years ago
- Download a list of suspected malicious IPs and Domains. Create a QRadar Reference Set. Search Your Environment For Malicious IPs☆69Updated 4 years ago
- MineMeld nodes for MISP☆19Updated last year
- Threat Intelligence with Elastic - Minemeld integration with Elasticsearch☆19Updated 4 years ago
- Presentation Slides and Video links☆32Updated 3 years ago
- ☆35Updated 4 years ago
- automate your MISP installs☆68Updated 5 years ago
- WebUI of MineMeld☆43Updated 2 years ago
- SOC Workflow App helps Security Analysts and Threat Hunters explore suspicious events, look into raw events arriving at the Elastic Stack…☆94Updated 3 years ago
- Cyber Defence Monitoring Course Suite :: Suricata, Arkime (and others in the past)☆106Updated last year
- Sysmon Splunk App☆47Updated 7 years ago
- Wireshark plugin to display Suricata analysis info☆95Updated 3 years ago
- Threat Hunting with ELK Workshop (InfoSecWorld 2017)☆66Updated 7 years ago
- Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings☆121Updated 4 years ago
- ☆13Updated 5 years ago
- Script to perform bulk local GeoIP lookups (ASN and geo) for IP addresses☆102Updated 5 years ago
- Snorpy is a python script the gives a Gui interface to help those new to snort create rules.☆63Updated last year
- Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.☆69Updated last year
- Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)☆102Updated last month
- Powershell collection designed to assist in Threat Hunting Windows systems.☆27Updated 7 years ago
- This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant ya…☆122Updated 4 years ago
- Tools for the Computer Incident Response Team☆144Updated 8 years ago
- A collection of notebooks built for defensive and offensive operations.☆77Updated 4 years ago
- DynamiteNSM is a free Network Security Monitor developed by Dynamite Analytics to enable network visibility and advanced cyber threat det…☆171Updated 2 years ago
- A few scripts I put together for testing purposes and to automate a few capabilities while doing IR. These scripts are also part of my bl…☆55Updated 7 years ago
- This repository contains advanced threat hunting scripts for Cisco Secure Endpoint API. The scripts leverage the AMP API to hunt for thre…☆14Updated 2 months ago
- This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.☆34Updated 6 years ago
- Remote Desktop Client Fingerprint script for Zeek. Based off of https://github.com/0x4D31/fatt☆40Updated 2 years ago