Top 16 Python Splunk Projects
- pygraphistry: PyGraphistry is a Python library to quickly load, shape, embed, and explore big graphs with the GPU-accelerated Graphistry visual graph analyzer.
- zentral: Zentral is a high-visibility platform for controlling Apple endpoints in enterprises. It brings great observability to IT and makes tracking and reporting compliance much less manual.
- Splunk-Apps: The Palo Alto Networks App for Splunk leverages the data visibility provided by Palo Alto Networks next-generation firewalls and endpoint security, together with Splunk's extensive investigation and visualization capabilities, to deliver an advanced security reporting and analysis tool.
- evtx2json: A tool to convert Windows evtx files (Windows Event Log files) into JSON format and, optionally, log them to Splunk using the HTTP Event Collector.
- twitter-aws-comprehend: An app to analyze tweets using Amazon Comprehend's Sentiment Analysis service.
- qasa: Query your devices and systems for useful data (SNMP, HTTP, etc.) and send the results onwards, for example to a remote syslog server, OpenSearch, Splunk, or even... it really doesn't care!
- xm-labs-splunk-custom-messages: Allows a short and a detailed message to be specified for each alert. Splunk tokens can be used as part of the custom messages.
Sigma rules (https://github.com/SigmaHQ/sigma): its value, I get it. Here's a post (https://www.linkedin.com/posts/nasreddinebencherchali_detection-blueteam-sigma-activity-7104868070069817344-mn91?utm_source=share&utm_medium=member_desktop) detailing that 31 Sigma rules from the Sigma repository are triggering on different stages of the attack as described here: https://thedfirreport.com/2023/08/28/html-smuggling-leads-to-domain-wide-ransomware/
Extra fun: We find most enterprise/gov graph analytics work only requires 1-2 attributes to go along with the graph index, and those attributes are often already numeric (time, $, ...) or can be dictionary-encoded as discussed here (categorical, ID, ...)... so even 'tough' billion-scale graphs are fine on 1 GPU.
Early, but that's been the basic thinking behind our new GFQL system: slice into the columns you want, and then do all the in-GPU traversals you want. In our V1, we keep things dataframe-native, including the in-GPU data representation, and are already working on the first extensions to support switching to more graph-native indexing for steps as needed.
Ex: https://github.com/graphistry/pygraphistry/blob/master/demos...
There's a ton of valuable resources out there when searching for "detection engineering". Beyond that, check https://research.splunk.com/ to get an idea of a structured and contextual approach. Beyond that, check Rob van Os's Magma use case framework and any blog you can find on https://correlatedsecurity.com (Jurgen Visser). Last but not least, anything "awesome" on GitHub, e.g. https://github.com/fabacab/awesome-cybersecurity-blueteam
Python Splunk related posts
- Azure data sources
- Okta Data in Splunk (Reports, Alerts and Dashboards)
- New Release: TA OpenAI ChatGPT
- Crowdstrike FDR logs to Splunk vs Splunk UF collecting logs from windows member server
- threat hunting DLL search order hijacking
- frustrated with lack of “entry level” security roles
- Learning splunk step by step
Index
What are some of the best open-source Splunk projects in Python? This list will help you:
# | Project | Stars
---|---|---
1 | sigma | 7,598
2 | pygraphistry | 2,052
3 | security_content | 1,132
4 | threathunting | 1,102
5 | zentral | 720
6 | splunk-connect-for-kubernetes | 341
7 | splunk-connect-for-syslog | 142
8 | Splunk-Apps | 98
9 | evtx2json | 48
10 | ChatGPT-4-Splunk | 24
11 | twitter-aws-comprehend | 16
12 | splunk-spl | 16
13 | qasa | 3
14 | remote-splunk-search | 1
15 | xm-labs-splunk-custom-messages | 0
16 | TA-opnsense | 0