splunk/rba external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

splunk/rba

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/splunk/rba)

Close

splunk / rbaView on GitHubMore

• External links
• Readme badge

RBA is Splunk's method to aggregate low-fidelity security events as interesting observations tagged with security metadata to create high-fidelity, low-volume alerts.

☆66Apr 10, 2026Updated last month

Alternatives and similar repositories for rba

Users that are interested in rba are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• mdecrevoisier / Splunk-input-windows-baseline

  View on GitHub
  Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event log mapped to the MITRE…
  ☆99Apr 7, 2026Updated last month
• ryanadler / downloadSplunk

  View on GitHub
  Downloading Splunk, made easy through scripts
  ☆28Apr 28, 2026Updated 3 weeks ago
• jewnix / splunk-spec-files

  View on GitHub
  Splunk spec files version history
  ☆43May 4, 2026Updated 2 weeks ago
• bautt / splunk4champions2

  View on GitHub
  Splunk App for Splunk4Champions Workshop
  ☆23May 5, 2026Updated 2 weeks ago
• mthcht / lookup-editor_scripts

  View on GitHub
  scripts using splunk application lookup-editor endpoint. Download, upload and update splunk lookups content
  ☆32Jul 1, 2024Updated last year
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• steveandreassend / linux_auditd

  View on GitHub
  Best practice configuration for Linux auditd for CIS and STIG standards, enhanced with LOTL detection rules.
  ☆18Dec 6, 2025Updated 5 months ago
• splunk / contentctl

  View on GitHub
  Splunk Content Control Tool
  ☆133May 6, 2026Updated last week
• amiracle / grand_central

  View on GitHub
  Grand Central logging for Cloud Services to Splunk
  ☆37Jan 22, 2022Updated 4 years ago
• hire-vladimir / SA-cim_vladiator

  View on GitHub
  Data validator agains Splunk Common Information Model (CIM)
  ☆78Mar 27, 2024Updated 2 years ago
• splunk / splunk-connect-for-snmp

  View on GitHub
  Splunk connect for SNMP
  ☆41Updated this week
• hire-vladimir / SA-syslog_collection

  View on GitHub
  Monitor syslog collection infrastructure & offer syslog configuration templates.
  ☆27Feb 9, 2018Updated 8 years ago
• splunk / splunk-connect-for-syslog

  View on GitHub
  Splunk Connect for Syslog
  ☆177Updated this week
• splunk / azure-functions-splunk

  View on GitHub
  Azure Functions for getting data in to Splunk
  ☆33Apr 20, 2026Updated 3 weeks ago
• ChrisYounger / config_explorer

  View on GitHub
  Config viewer and file editor for Splunk. Based on VSCode.
  ☆34Mar 7, 2026Updated 2 months ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• splunk / TA-microsoft-365-defender-advanced-hunting-add-on

  View on GitHub
  ☆15Jan 9, 2026Updated 4 months ago
• west-wind / Threat-Hunting-With-Splunk

  View on GitHub
  Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise
  ☆69Apr 29, 2024Updated 2 years ago
• MHaggis / sysmon-splunk-app

  View on GitHub
  Sysmon Splunk App
  ☆47Aug 21, 2018Updated 7 years ago
• splunk / acs-cli

  View on GitHub
  Admin Config Service CLI
  ☆17Mar 10, 2026Updated 2 months ago
• xpac1985 / git-config-tracker

  View on GitHub
  Splunk app to monitor the /etc directory of Splunk for all changes of .conf files
  ☆13Jan 26, 2018Updated 8 years ago
• gjanders / SplunkAdmins

  View on GitHub
  Splunk Admins application to assist with troubleshooting Splunk enterprise installations
  ☆100May 11, 2026Updated last week
• sghaskell / maps-plus

  View on GitHub
  Maps+ for Splunk
  ☆21May 9, 2026Updated last week
• silkyrich / cluster_health_tools

  View on GitHub
  ☆76Jul 15, 2021Updated 4 years ago
• guilhemmarchand / TA-jira-service-desk-simple-addon

  View on GitHub
  Atlasian JIRA add-on for Splunk alert actions
  ☆15May 6, 2026Updated last week
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• splunk / security_content

  View on GitHub
  Splunk Security Content
  ☆1,623Updated this week
• splunk / attack_data

  View on GitHub
  A repository of curated datasets from various attacks
  ☆767Updated this week
• splunk / splunk-operator

  View on GitHub
  Splunk Operator for Kubernetes
  ☆258May 4, 2026Updated 2 weeks ago
• amiracle / cooking_with_Splunk_and_AWS

  View on GitHub
  Workshop showing you how to setup Amazon Web Services to send data to Splunk
  ☆74Sep 9, 2020Updated 5 years ago
• cookpad / aws-falcon-data-forwarder

  View on GitHub
  CrowdStrike Falcon log forwarder from falcon S3 bucket to your S3 bucket
  ☆11Apr 15, 2021Updated 5 years ago
• georgestarcher / Splunk-ESIntel-KVStore

  View on GitHub
  Splunk csv to KVStore ES Threat Intel
  ☆11Jul 11, 2016Updated 9 years ago
• f8al / TA-Shell

  View on GitHub
  Splunk scripted input for opening a backconnect shell on a remote forwarder
  ☆45Nov 18, 2020Updated 5 years ago
• phantomcyber / phantom-apps

  View on GitHub
  Phantom Apps Repo
  ☆83Nov 9, 2021Updated 4 years ago
• splunk / splunkconf-backup

  View on GitHub
  ☆13May 12, 2026Updated last week
• Open source password manager - Proton Pass • Ad
  Securely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
• codingWithJimmy / TA-bigfix

  View on GitHub
  Splunk technical add-on (TA) for ingesting BigFix client, relay, and server logs. Includes REST inputs for ingesting assets, relevant fix…
  ☆17Mar 11, 2025Updated last year
• splunk / splunk-platform-automator

  View on GitHub
  Ansible framework providing a fast and simple way to spin up complex Splunk environments.
  ☆135Apr 29, 2026Updated 2 weeks ago
• apger / SA-RBA

  View on GitHub
  Risk Based Alerting Supporting Add-On (SA) for Splunk
  ☆44Oct 28, 2021Updated 4 years ago
• tfrederick74656 / splunkbase-download

  View on GitHub
  Shell script to download apps from Splunkbase
  ☆24May 19, 2020Updated 6 years ago
• nicovdw / splunk_concurrency_helper

  View on GitHub
  Searches and dashboards to assist with optimising concurrency settings
  ☆31Mar 4, 2022Updated 4 years ago
• outcoldman / docker-splunk-cluster

  View on GitHub
  How to run cluster of Splunk Enterprise in Docker. Examples.
  ☆34Oct 27, 2016Updated 9 years ago
• MHaggis / ShellSweep

  View on GitHub
  ShellSweeping the evil.
  ☆53Jun 18, 2024Updated last year