RBA is Splunk's method to aggregate low-fidelity security events as interesting observations tagged with security metadata to create high-fidelity, low-volume alerts.
Alternatives and similar repositories for rba
Users that are interested in rba are comparing it to the libraries listed below
- Kintyre's Splunk Configuration tool☆53Mar 11, 2025Updated 11 months ago
- Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event logs mapped to the MITRE…☆94Jun 28, 2025Updated 7 months ago
- Splunk spec files version history☆41Feb 9, 2026Updated 2 weeks ago
- scripts using splunk application lookup-editor endpoint. Download, upload and update splunk lookups content☆31Jul 1, 2024Updated last year
- Config viewer and file editor for Splunk. Based on VSCode.☆33Feb 1, 2026Updated 3 weeks ago
- Azure Functions for getting data in to Splunk☆33Oct 22, 2025Updated 4 months ago
- Splunk Connect for Syslog☆173Feb 20, 2026Updated last week
- Splunk Content Control Tool☆128Updated this week
- Data validator against Splunk Common Information Model (CIM)☆78Mar 27, 2024Updated last year
- Splunk app to monitor the /etc directory of Splunk for all changes of .conf files☆13Jan 26, 2018Updated 8 years ago
- Splunk connect for SNMP☆39Updated this week
- Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise☆68Apr 29, 2024Updated last year
- Shell script to download apps from Splunkbase☆23May 19, 2020Updated 5 years ago
- Postfix Add-on for Splunk (Compliant with the Mail CIM model)☆11Mar 18, 2021Updated 4 years ago
- Best practice configuration for Linux auditd for CIS and STIG standards, enhanced with LOTL detection rules.☆14Dec 6, 2025Updated 2 months ago
- Bulk modify Splunk Knowledge Object's owners, permissions, apps, sharing and move them to another app☆26Aug 27, 2022Updated 3 years ago
- The Stamus Networks App for Splunk allows Splunk Enterprise users to extract information and insights from both the Stamus Security Plat…☆13Jan 7, 2026Updated last month
- Workshop showing you how to set up Amazon Web Services to send data to Splunk☆74Sep 9, 2020Updated 5 years ago
- Splunk technical add-on (TA) for ingesting BigFix client, relay, and server logs. Includes REST inputs for ingesting assets, relevant fix…☆17Mar 11, 2025Updated 11 months ago
- Demo of private-apps ci/cd integration into splunkcloud using the admin config service☆18Dec 20, 2023Updated 2 years ago
- ☆13Feb 18, 2026Updated last week
- Admin Config Service CLI☆17Feb 12, 2026Updated 2 weeks ago
- Splunk csv to KVStore ES Threat Intel☆11Jul 11, 2016Updated 9 years ago
- How to run cluster of Splunk Enterprise in Docker. Examples.☆34Oct 27, 2016Updated 9 years ago
- Ansible framework providing a fast and simple way to spin up complex Splunk environments.☆132Feb 17, 2026Updated last week
- Maps+ for Splunk☆20Feb 19, 2026Updated last week
- ☆15Jan 9, 2026Updated last month
- MISP to Splunk Enterprise Security Threat Intelligence Framework Integration☆14Jul 11, 2023Updated 2 years ago
- This TA takes Suricata5 data from your port mirrored Suricata server and makes it readable within Splunk. See Cheatsheets on how to setup…☆15Sep 5, 2020Updated 5 years ago
- ☆16Jun 10, 2020Updated 5 years ago
- ☆77Jul 15, 2021Updated 4 years ago
- Phantom Apps Repo☆82Nov 9, 2021Updated 4 years ago
- ☆17May 6, 2021Updated 4 years ago
- Atlassian JIRA add-on for Splunk alert actions☆15Dec 2, 2025Updated 2 months ago
- scripts to configure the Splunk Universal Forwarder in a locked down state☆40Dec 13, 2018Updated 7 years ago
- ☆42Oct 10, 2023Updated 2 years ago
- Collection of Dashboards for Threat Hunting and more!☆74Oct 17, 2020Updated 5 years ago
- Splunk scripted input for opening a backconnect shell on a remote forwarder☆45Nov 18, 2020Updated 5 years ago
- This repository is a comprehensive collection of resources, documentation, apps, and add-ons related to Splunk, a powerful data analytics…☆24Feb 16, 2026Updated last week