- Oslo, Norway
Stars
Purple-team simulation and detection scripts: trigger events that exercise SOC detections
Detects delays in recently run Splunk saved searches
Exporttool / exporttool
Forked from tknoblau/scribl. This is a Python script that can be run on each Splunk indexer to export historical bucket data (raw events + metadata) at scale by balancing the work across multiple CPUs, then f…
Consolidation of various resources related to Microsoft Sysmon & sample data/log
Splunk (Other Splunk scripts which do not fit into the SplunkAdmins application)
Dump all users, groups and computers from an Active Directory domain into an asset and identities lookup usable by Splunk Enterprise Security.
Golang PoC software for reliable file transfers over a data diode. DIY gigabit data diode hardware instructions
RBA (risk-based alerting) is Splunk's method of aggregating low-fidelity security events as interesting observations tagged with security metadata (risk score, risk object, MITRE ATT&CK annotations) so that high-fidelity, low-volume alerts fire only when risk accumulates on a single object.
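As an added illustration of the RBA idea described in that entry (this is not code from the RBA project or from Splunk Enterprise Security), the block below replays a constructed set of risk events in plain Python: each low-fidelity detection contributes a risk score and an ATT&CK tactic to a risk object, and an alert is raised only when the accumulated score or the number of distinct tactics on one object crosses a threshold within a time window, which is what ES risk incident rules do. Field names (`risk_object`, `risk_object_type`, `risk_score`, `source`) follow the ES risk data model; the flattened `tactic` field, the events, the 24-hour window and the thresholds of 100 points and 3 tactics are assumptions made for the example.

```python
"""Risk-based alerting (RBA) aggregation over constructed risk events.

Added example, not the RBA project's or Splunk's own code. Thresholds,
window and sample events are assumptions chosen to illustrate the method.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Point in time at which the "risk incident rule" below is evaluated (assumed).
NOW = datetime(2024, 5, 1, 12, 0, 0)

# Constructed risk events: what individual low-fidelity detections would write
# to the risk index. None of these would be worth paging on by itself.
RISK_EVENTS = [
    {"_time": "2024-05-01T09:00:00", "risk_object": "wks-0142", "risk_object_type": "system",
     "risk_score": 10, "source": "Encoded PowerShell Command", "tactic": "Execution"},
    {"_time": "2024-05-01T09:05:00", "risk_object": "wks-0142", "risk_object_type": "system",
     "risk_score": 40, "source": "LSASS Memory Access", "tactic": "Credential Access"},
    {"_time": "2024-05-01T09:20:00", "risk_object": "wks-0142", "risk_object_type": "system",
     "risk_score": 20, "source": "New Scheduled Task", "tactic": "Persistence"},
    {"_time": "2024-05-01T10:30:00", "risk_object": "wks-0142", "risk_object_type": "system",
     "risk_score": 30, "source": "Rare Outbound Destination", "tactic": "Command And Control"},
    {"_time": "2024-05-01T08:00:00", "risk_object": "alice", "risk_object_type": "user",
     "risk_score": 15, "source": "Multiple Failed Logins", "tactic": "Credential Access"},
    {"_time": "2024-05-01T08:10:00", "risk_object": "alice", "risk_object_type": "user",
     "risk_score": 20, "source": "Login From New Country", "tactic": "Initial Access"},
    # Old, high-score event: outside the 24 h window, so it must not count.
    {"_time": "2024-04-25T12:00:00", "risk_object": "srv-db01", "risk_object_type": "system",
     "risk_score": 200, "source": "Port Scan Detected", "tactic": "Discovery"},
    {"_time": "2024-05-01T11:00:00", "risk_object": "srv-db01", "risk_object_type": "system",
     "risk_score": 5, "source": "Network Share Enumeration", "tactic": "Discovery"},
]


def risk_summary(events, window_hours=24, now=NOW):
    """Aggregate risk per (risk_object_type, risk_object) inside the window.

    Returns {key: {"score": int, "tactics": set, "sources": set}}; the score
    is the plain sum of risk_score, tactics/sources are the distinct values.
    """
    start = now - timedelta(hours=window_hours)
    summary = defaultdict(lambda: {"score": 0, "tactics": set(), "sources": set()})
    for event in events:
        event_time = datetime.fromisoformat(event["_time"])
        if not (start <= event_time <= now):
            continue  # stale observations do not contribute to current risk
        entry = summary[(event["risk_object_type"], event["risk_object"])]
        entry["score"] += event["risk_score"]
        entry["tactics"].add(event["tactic"])
        entry["sources"].add(event["source"])
    return dict(summary)


def rba_alerts(events, score_threshold=100, tactic_threshold=3, window_hours=24, now=NOW):
    """Risk incident rule: alert on objects whose accumulated risk is high
    (score_threshold) or whose activity spans many tactics (tactic_threshold).

    Returns alerts sorted by descending score, each listing the reasons it
    fired and the contributing sources, which is the analyst's pivot list.
    """
    alerts = []
    for (obj_type, obj), entry in risk_summary(events, window_hours, now).items():
        reasons = []
        if entry["score"] >= score_threshold:
            reasons.append(f"risk_score {entry['score']} >= {score_threshold}")
        if len(entry["tactics"]) >= tactic_threshold:
            reasons.append(f"{len(entry['tactics'])} distinct tactics >= {tactic_threshold}")
        if reasons:
            alerts.append({
                "risk_object": obj,
                "risk_object_type": obj_type,
                "score": entry["score"],
                "tactics": sorted(entry["tactics"]),
                "sources": sorted(entry["sources"]),
                "reasons": reasons,
            })
    return sorted(alerts, key=lambda a: -a["score"])


if __name__ == "__main__":
    for alert in rba_alerts(RISK_EVENTS):
        print(alert["risk_object_type"], alert["risk_object"], alert["score"], alert["reasons"])
        for source in alert["sources"]:
            print("   contributing:", source)
```

With the constructed events only `wks-0142` fires: four 10- to 40-point observations add up to 100 points across four tactics, while `alice` stays at 35 points over two tactics and the 200-point `srv-db01` event is ignored because it is six days old. Widening `window_hours` to a week makes `srv-db01` alert, which is the trade-off RBA tuning revolves around: a longer window catches slow attacks but lets stale risk linger.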
Creates Wireguard configuration for hub and peers with ease
Scripts to configure the Splunk Universal Forwarder in a locked-down state
Simple TA (technology add-on) for onboarding journald events into Splunk.
Sample queries for Advanced hunting in Microsoft 365 Defender
Visualization repo for Splunk and ES
Azure Functions for getting data in to Splunk
A Splunk app to deploy, manage and monitor Splunk environments in remote Kubernetes clusters
Netflow sample dashboards app for Splunk
A curated awesome list of cyber Security Orchestration, Automation and Response (SOAR) resources.
Master the command line, in one page
Ansible playbooks for configuring and managing Splunk Enterprise and Universal Forwarder deployments