SplunkSec / .conf2015

Related projects ⓘ

Alternatives and complementary repositories for .conf2015

• harvard-itsecurity / qradar-seculert-push
  Push "BAD" IPs/Networks into QRadar's "Remote Networks", tag them properly, and use them!
  ☆18Updated 11 years ago
• mixmodeai / bro_intel_linter
  Bro Intel Feed Linter
  ☆26Updated 5 years ago
• rkovar / splunk-hunting-helpers
  ☆55Updated 2 years ago
• hire-vladimir / SA-NetOps
  Allows for MAC address to vendor mapping in Splunk
  ☆16Updated last year
• georgestarcher / Splunk-Alert
  Example Splunk Alert Scripts
  ☆20Updated 9 years ago
• georgestarcher / Splunk-ESIntel-KVStore
  Splunk csv to KVStore ES Threat Intel
  ☆10Updated 8 years ago
• thnyheim / misp2bro
  Python script that gets IOC from MISP and converts it into BRO intel files.
  ☆13Updated 8 years ago
• MattUebel / splunk_UF_hardening
  scripts to configure the Splunk Universal Forwarder in a locked down state
  ☆40Updated 5 years ago
• josehelps / Splunk-Mitigation-Framework
  Framework that sits on top of Splunk Enterprise Security to do auto-mitigation
  ☆14Updated 9 years ago
• hire-vladimir / SA-IdentityAssetExtraction
  Allows to pull asset and identity data into Splunk app for Enterprise Security from LDAP and other sources
  ☆27Updated 6 years ago
• PingTrip / broctl-setcap
  Broctl plugin for automatically executing 'setcap' on each node after an install
  ☆13Updated 3 years ago
• my2ndhead / TA-microsoft-windows
  ☆14Updated 8 years ago
• spitfire55 / MegaDev
  Bro IDS + ELK Stack to detect and block data exfiltration
  ☆46Updated 6 years ago
• 0xxon / bro-scripts
  Assorted scripts for Bro
  ☆12Updated 8 years ago
• pun1sh3r / iocminion
  Just another tool to extract Indicator of compromise (ioc) from files
  ☆28Updated 9 years ago
• ncsa / bro-doctor
  ☆23Updated 4 years ago
• carbonblack / cb-taxii-connector
  Connector for pulling and converting STIX information from TAXII Service Providers into CB Feeds.
  ☆15Updated 2 years ago
• MHaggis / sysmon-splunk-app
  Sysmon Splunk App
  ☆46Updated 6 years ago
• BechtelCIRT / beholder
  Beholder is a shell script which installs and configures essentials to peer into your network activity.
  ☆19Updated 7 years ago
• gitunique / bro-scripts
  Collection of bro scripts
  ☆9Updated 9 years ago
• initconf / brocon-15
  brocon-15 scripts
  ☆13Updated 7 years ago
• zeek / cheat-sheet
  The Bro/Zeek language cheat sheet
  ☆51Updated 11 years ago
• aboutsecurity / Bro-samples
  Network Forensics Bro scripts & pcap samples
  ☆62Updated 10 years ago
• hvandenb / splunk-elasticsearch
  A search command for Splunk which will allow you to search Elastic Search and display the results in the Splunk GUI
  ☆67Updated 7 years ago
• timmolter / logstash-dfir
  Logstash configuration files for analyzing various types of logs
  ☆25Updated 7 years ago
• PaloAltoNetworks / minemeld-misp
  MineMeld nodes for MISP
  ☆18Updated 10 months ago
• juju4 / ansible-zeek
  setup zeek, previously Bro IDS
  ☆17Updated 3 weeks ago