splunk / rbaLinks

RBA is Splunk's method to aggregate low-fidelity security events as interesting observations tagged with security metadata to create high-fidelity, low-volume alerts.

☆63

Alternatives and similar repositories for rba

Users that are interested in rba are comparing it to the libraries listed below

Sorting:

splunk / contentctl
Splunk Content Control Tool
☆126Updated last week
mthcht / lookup-editor_scripts
scripts using splunk application lookup-editor endpoint. Download, upload and update splunk lookups content
☆31Updated last year
gjanders / SplunkAdmins
Splunk Admins application to assist with troubleshooting Splunk enterprise installations
☆99Updated 2 weeks ago
guilhemmarchand / trackme
TrackMe - Data tracking system for Splunk admins
☆49Updated 3 years ago
inodee / threathunting-spl
Splunk code (SPL) for serious threat hunters and detection engineers.
☆289Updated 2 years ago
hire-vladimir / SA-cim_vladiator
Data validator agains Splunk Common Information Model (CIM)
☆78Updated last year
jewnix / splunk-spec-files
Splunk spec files version history
☆40Updated this week
splunk / atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
☆12Updated 4 years ago
splunk / security_content_docs
Contains research.splunk.com site code
☆11Updated last year
splunk / securitydatasets
Home for Splunk security datasets.
☆128Updated 5 years ago
splunk / vscode-extension-splunk
Visual Studio Code Extension for Splunk
☆94Updated last week
splunk / splunk-connect-for-syslog
Splunk Connect for Syslog
☆172Updated last week
ChrisForsythe / SplunkStuff
A repository for generalized splunk code, dashboards, resources and suggestions/recommendations.
☆32Updated 3 years ago
paychex / splunk-python
Collection of useful python scripts to interact with Splunk's API.
☆15Updated 4 years ago
dpaper-splunk / public
☆73Updated last year
3CORESec / SIEGMA
SIEGMA - Transform Sigma rules into SIEM consumables
☆159Updated 10 months ago
splunk / rwi_executive_dashboard
Splunk Remote Work Insights - Executive Dashboard
☆43Updated 5 years ago
apger / SA-RBA
Risk Based Alerting Supporting Add-On (SA) for Splunk
☆44Updated 4 years ago
codingWithJimmy / SplunkForwarderRepairKit
Scripted inputs designed to address common use-cases in forwarder misconfigurations in a Splunk deployment
☆35Updated last year
splunk / splunk-mltk-container-docker
Splunk App for Data Science and Deep Learning - container images repository
☆63Updated 2 months ago
pe3zx / crowdstrike-falcon-queries
A collection of Splunk's Search Processing Language (SPL) for Threat Hunting with CrowdStrike Falcon
☆214Updated 5 years ago
CrowdStrike / logscale-community-content
This repository contains Community and Field contributed content for LogScale
☆315Updated last week
k-bailey / detection-engineering-maturity-matrix
☆99Updated 3 years ago
dlcowen / sansfor509
Public script from SANS FOR509 Enterprise Cloud Incident Response
☆218Updated 3 months ago
splunk / botsv3
Splunk Boss of the SOC version 3 dataset.
☆404Updated 5 years ago
shauntdergrigorian / splunkqueries
A list of Splunk queries that I've collected and used over time.
☆90Updated 5 years ago
splunk / splunk-platform-automator
Ansible framework providing a fast and simple way to spin up complex Splunk environments.
☆131Updated last week
splunk / splunk-app-examples
App examples for Splunk Enterprise
☆151Updated last week
gjanders / Splunk
Splunk (Other Splunk scripts which do not fit into the SplunkAdmins application)
☆41Updated last week
nicovdw / splunk_concurrency_helper
Searches and dashboards to assist with optimising concurrency settings
☆30Updated 3 years ago