splunk / rba
RBA is Splunk's method to aggregate low-fidelity security events as interesting observations tagged with security metadata to create high-fidelity, low-volume alerts.
☆50Updated last week
Related projects ⓘ
Alternatives and complementary repositories for rba
- scripts using splunk application lookup-editor endpoint. Download, upload and update splunk lookups content☆28Updated 4 months ago
- Splunk Content Control Tool☆91Updated this week
- Splunk spec files version history☆32Updated 2 months ago
- Data validator agains Splunk Common Information Model (CIM)☆75Updated 7 months ago
- TrackMe - Data tracking system for Splunk admins☆49Updated last year
- Risk Based Alerting Supporting Add-On (SA) for Splunk☆45Updated 3 years ago
- Splunk code (SPL) for serious threat hunters and detection engineers.☆266Updated 10 months ago
- SPL cheatsheet for Splunk.☆20Updated last year
- Splunk (Other Splunk scripts which do not fit into the SplunkAdmins application)☆39Updated 2 months ago
- Splunk Admins application to assist with troubleshooting Splunk enterprise installations☆91Updated this week
- Collection of useful python scripts to interact with Splunk's API.☆15Updated 2 years ago
- ☆69Updated 4 months ago
- Small and highly portable detection tests based on MITRE's ATT&CK.☆11Updated 3 years ago
- Visual Studio Code Extension for Splunk☆87Updated last month
- Grand Central logging for Cloud Services to Splunk☆36Updated 2 years ago
- Scripted inputs designed to address common use-cases in forwarder misconfigurations in a Splunk deployment☆34Updated 2 months ago
- Azure Functions for getting data in to Splunk☆31Updated 7 months ago
- A repository for generalized splunk code, dashboards, resources and suggestions/recommendations.☆30Updated last year
- Searches and dashboards to assist with optimising concurrency settings☆30Updated 2 years ago
- ☆87Updated 2 years ago
- Converts Sigma detection rules to a Splunk alert configuration.☆107Updated 4 years ago
- Splunk Apps and Documentation☆15Updated 4 months ago
- Bulk modify Splunk Knowledge Object's owners, permissions, apps, sharing and move them to another app☆23Updated 2 years ago
- Public script from SANS FOR509 Enterprise Cloud Incident Response☆179Updated 2 months ago
- Ansible framework providing a fast and simple way to spin up complex Splunk environments.☆117Updated 8 months ago
- Kintyre's Splunk Configuration tool☆50Updated 10 months ago
- SIEGMA - Transform Sigma rules into SIEM consumables☆141Updated last year