splunk / rbaLinks
RBA is Splunk's method to aggregate low-fidelity security events as interesting observations tagged with security metadata to create high-fidelity, low-volume alerts.
☆54Updated this week
Alternatives and similar repositories for rba
Users that are interested in rba are comparing it to the libraries listed below
Sorting:
- Splunk Content Control Tool☆114Updated this week
- scripts using splunk application lookup-editor endpoint. Download, upload and update splunk lookups content☆29Updated 11 months ago
- Data validator agains Splunk Common Information Model (CIM)☆76Updated last year
- Splunk code (SPL) for serious threat hunters and detection engineers.☆276Updated last year
- Splunk Admins application to assist with troubleshooting Splunk enterprise installations☆95Updated 2 weeks ago
- TrackMe - Data tracking system for Splunk admins☆50Updated 2 years ago
- Small and highly portable detection tests based on MITRE's ATT&CK.☆11Updated 3 years ago
- Splunk spec files version history☆35Updated last month
- Risk Based Alerting Supporting Add-On (SA) for Splunk☆45Updated 3 years ago
- ☆71Updated 10 months ago
- Collection of useful python scripts to interact with Splunk's API.☆15Updated 3 years ago
- A repository for generalized splunk code, dashboards, resources and suggestions/recommendations.☆32Updated 2 years ago
- Home for Splunk security datasets.☆125Updated 5 years ago
- Scripted inputs designed to address common use-cases in forwarder misconfigurations in a Splunk deployment☆35Updated 9 months ago
- A list of Splunk queries that I've collected and used over time.☆83Updated 4 years ago
- Splunk (Other Splunk scripts which do not fit into the SplunkAdmins application)☆41Updated 9 months ago
- Kintyre's Splunk Configuration tool☆53Updated 2 months ago
- Converts Sigma detection rules to a Splunk alert configuration.☆111Updated 5 years ago
- SPL cheatsheet for Splunk.☆23Updated 2 years ago
- Visual Studio Code Extension for Splunk☆91Updated 3 weeks ago
- Splunk App for Data Science and Deep Learning - container images repository☆54Updated this week
- Grand Central logging for Cloud Services to Splunk☆36Updated 3 years ago
- Guidance on deploying Splunk Enterprise on Azure with automated reference implementation☆30Updated 2 years ago
- Ansible framework providing a fast and simple way to spin up complex Splunk environments.☆126Updated 4 months ago
- ☆95Updated 2 years ago
- Searches and dashboards to assist with optimising concurrency settings☆30Updated 3 years ago
- ☆74Updated 3 years ago
- Splunk Remote Work Insights - Executive Dashboard☆42Updated 4 years ago
- A collection of Splunk's Search Processing Language (SPL) for Threat Hunting with CrowdStrike Falcon☆201Updated 5 years ago
- Clara-Fication Workshop: Understanding the Expensive Bits in Your Splunk Environment☆16Updated 11 months ago