Purpleteam scripts simulation & Detection - trigger events for SOC detections

High performance sFlow/IPFIX/NetFlow Collector

Detects Delays in recently ran Splunk saved searches

Repository for Splunk Rerun Application

This is a python script that can be run on each Splunk Indexer for the purpose of exporting historical bucket data (raw events + metadata) at scale by balancing the work across multiple CPUs then f…

Consolidation of various resources related to Microsoft Sysmon & sample data/log

Splunk (Other Splunk scripts which do not fit into the SplunkAdmins application)

Dump all users, groups and computers from an Active Directory domain into an asset and identities lookup usable by Splunk Enterprise Security.

Golang PoC software for reliable file transfers over a data diode. DIY gigabit data diode hardware instructions

State Machine Technology Add-On for Splunk

Official read only mirror for

RBA is Splunk's method to aggregate low-fidelity security events as interesting observations tagged with security metadata to create high-fidelity, low-volume alerts.

Creates Wireguard configuration for hub and peers with ease

scripts to configure the Splunk Universal Forwarder in a locked down state

Simple TA to enable on-boarding of journald events into Splunk.

TA-ms-loganalytics

Sample queries for Advanced hunting in Microsoft 365 Defender

Visualization repo for Splunk and ES

Azure Functions for getting data in to Splunk

A Splunk app to deploy, manage and monitor Splunk environments in remote Kubernetes clusters

Netflow sample dashboards app for Splunk

A curated Cyber "Security Orchestration, Automation and Response (SOAR)" awesome list.

Master the command line, in one page

Ansible playbooks for configuring and managing Splunk Enterprise and Universal Forwarder deployments