jorritfolmer/TA-defender-atp-hunting

This repository has been archived on 25/Jun/2022
Stars
8
Rank 2,099,232 (Top 42 %)
Language
Python
Created over 5 years ago
Updated almost 5 years ago

jorritfolmer/TA-defender-atp-hunting

jorritfolmer

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Add-on to onboard telemetry data via Microsoft Defender ATP hunting API in Splunk (ES)

puppet-splunk

Deploy Splunk instances on Windows and Linux in simple, distributed or (multisite) clustered topologies. Demoed by Splunk at .conf2017

EDRevals

Splunk app to compare Endpoint Detection and Response solutions based on MITRE ATT&CK evaluations (APT3, APT29, Carbanak + FIN7, Wizard Spider + Sandworm)

TA-dmarc

Add-on for ingesting DMARC aggregate reports into Splunk

TA-ad-assets-identities

Dump all users, groups and computers from an Active Directory domain into an asset and identities lookup usable by Splunk Enterprise Security.

TA-netflow-logstash

CIM compliant TA to enable Netflow v5, v9 and IPFIX events in Splunk (Enterprise Security)

TA-bro-ids

CIM compliant TA to enable Bro IDS events in Splunk

TA-oscap-oval

TA for evaluating RHEL and SLES OVAL definitions for Splunk

TA-p0f

TA-p0f (passive os fingerprinting tool) for Splunk

TA-vsftpd

CIM compliant TA to enable vsftpd events in Splunk (Enterprise Security)

TA-mbsa

Microsoft Baseline Security Analyzer add-on for Splunk

TA-skybox

Technical add-on for Splunk to query Skybox Security API

nessus2json

Convert Nessus XML export to JSON for use in Tableau or Power BI

TA-mysql-audit

MySQL audit add-on for Splunk

TA-suricata

CIM compliant TA to enable Suricata events in Splunk (Enterprise Security)

TA-messagetracking-for-cisco-esa

Convert cisco:esa:textmail logs into clean message tracking events with rich metadata for Splunk Enterprise Security

TA-windows-filtering-platform

CIM compliant TA to enable Windows firewall events (5156)

TA-w32time

TA-w32time for Splunk