west-wind / Threat-Hunting-With-Splunk
Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise
☆68, Apr 29, 2024, updated last year
Alternatives and similar repositories for Threat-Hunting-With-Splunk
Users that are interested in Threat-Hunting-With-Splunk are comparing it to the libraries listed below
- This repository contains Splunk queries to hunt some anomalies (☆46, Jul 28, 2022, updated 3 years ago)
- ☆14, Jan 2, 2025, updated last year
- A list of Splunk queries that I've collected and used over time. (☆91, Nov 3, 2020, updated 5 years ago)
- An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk. (☆60, Mar 12, 2022, updated 3 years ago)
- Collection of Dashboards for Threat Hunting and more! (☆73, Oct 17, 2020, updated 5 years ago)
- Lazy SPL to detect Spring4Shell exploitation (☆12, Jul 8, 2022, updated 3 years ago)
- A collection of Splunk's Search Processing Language (SPL) for Threat Hunting with CrowdStrike Falcon (☆214, May 23, 2020, updated 5 years ago)
- Set of SIGMA rules (>350) mapped to MITRE ATT&CK tactics and techniques (☆412, Nov 8, 2025, updated 3 months ago)
- Splunk code (SPL) for serious threat hunters and detection engineers. (☆289, Jan 15, 2024, updated 2 years ago)
- 🐻❄️ 🏹 Threat hunting with Polars and flaws.cloud AWS CloudTrail datasets. (☆14, May 22, 2024, updated last year)
- Threat Hunting & Incident Investigation with Osquery (☆216, Mar 30, 2022, updated 3 years ago)
- Collection of Splunking Tools, SPL Code and Resources (☆15, Jan 30, 2025, updated last year)
- Documentation and tools to curate Sigma rules for Windows event logs into easier-to-parse rules. (☆16, Oct 22, 2025, updated 3 months ago)
- Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation o… (☆1,126, Dec 19, 2025, updated last month)
- Yara rules written by me, for free use. (☆20, Nov 26, 2021, updated 4 years ago)
- macOS Artifact Intelligence Tool (☆13, Apr 30, 2019, updated 6 years ago)
- Forensic cheatsheets for use with cheat (☆15, Dec 2, 2021, updated 4 years ago)
- Windows file metadata / forensic tool. (☆18, Oct 12, 2025, updated 4 months ago)
- This repository is a comprehensive collection of resources, documentation, apps, and add-ons related to Splunk, a powerful data analytics… (☆24, updated this week)
- A repository of my own Sigma detection rules. (☆163, Nov 25, 2025, updated 2 months ago)
- Anvilogic Forge (☆114, Sep 18, 2025, updated 4 months ago)
- Threat Detection & Anomaly Detection rules for popular open-source components (☆53, Jul 27, 2022, updated 3 years ago)
- RBA is Splunk's method to aggregate low-fidelity security events as interesting observations tagged with security metadata to create high… (☆63, Feb 2, 2026, updated last week)
- Google Filestream Forensic Tool (☆22, Mar 10, 2022, updated 3 years ago)
- ☆22, Jan 31, 2023, updated 3 years ago
- Splunk Security Content (☆1,568, updated this week)
- ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The … (☆289, Feb 5, 2024, updated 2 years ago)
- Detection Ideas & Rules repository. (☆178, Sep 10, 2021, updated 4 years ago)
- Cumulonimbus-UAL_Extractor is a PowerShell based tool created by the Tesorion CERT team to help gather the Unified Audit Logging out of a… (☆21, Oct 25, 2023, updated 2 years ago)
- This is a collection of threat detection rules / rules engines that I have come across. (☆296, May 5, 2024, updated last year)
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language). (☆801, Jan 14, 2026, updated last month)
- PowerShell scripts to work on CrowdStrike Falcon that pull back raw data relevant to forensic investigation (☆23, Dec 18, 2024, updated last year)
- Sigma queries turned into KQL for Defender using pySigma (☆12, Jun 20, 2024, updated last year)
- Contains research.splunk.com site code (☆11, Apr 10, 2024, updated last year)
- YARA detection rules for hunting with the threathunting-keywords project (☆157, May 11, 2025, updated 9 months ago)
- Awesome list of keywords and artifacts for Threat Hunting sessions (☆633, Aug 4, 2025, updated 6 months ago)
- Automating Security Detection Engineering, published by Packt (☆67, Oct 12, 2024, updated last year)
- ☆24, Mar 12, 2025, updated 11 months ago
- Yara rules (☆22, Mar 27, 2023, updated 2 years ago)