security_content

Splunk Security Content (by splunk)
Add to my DEV experience Splunk Detection Engineering responses Cicd Cybersecurity detection-engineering
Source Code
research.splunk.com
security_content Reviews
Suggest alternative
Edit details
Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
Sponsored

Security_content Alternatives

Similar projects and alternatives to security_content

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better security_content alternative or higher similarity.
Suggest an alternative to security_content

security_content reviews and mentions

Posts with mentions or reviews of security_content. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-12-10.
  • SIEM content development
    2 projects | /r/SIEM | 10 Dec 2023
    There's a ton of valuable resources out there when searching for "detection engineering", beyond that, check https://research.splunk.com/ to get an idea of a structured and contextual approach. Beyond that, check Rob van Os Magma use case framework and any blog you can find on https://correlatedsecurity.com (Jurgen Visser). Last but not least, anything "awesome" on github, e.g. https://github.com/fabacab/awesome-cybersecurity-blueteam
  • Azure data sources
    1 project | /r/Splunk | 1 Jul 2023
    Some additional reading: - https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2020/07/Azure-Sentinel-whitepaper.pdf - here it from the vendor; solid read as correct log sourcing/scoping is SIEM-vendor agnostic; also check the Sentinel KQL github for inspiration - https://research.splunk.com/ - your new browser startpage - check for Azure/MS/M365 rekated content
  • Okta Data in Splunk( Reports, Alerts and Dashboards)
    1 project | /r/Splunk | 22 Mar 2023
    Indeed, as well as the Okta analytic stories/detections at research.splunk.com. In fact, three new ones published yesterday where Okta and Splunk collaborated on detections.
  • Crowdstrike FDR logs to Splunk vs Splunk UF collecting logs from windows member server
    1 project | /r/crowdstrike | 22 Dec 2022
    Our end goal is to achieve maxium coverage against MITRE mapping. Our mapping is pretty low and the management want to achieve this in a cost effective manner. Our analysts are more comfortable with creating alerts and dashboards using standard wineventlogs. When we talk about FDR, they are like "Rabitt in the headlights". We are planning to achieve by end of 2023. https://github.com/splunk/security_content/blob/develop/docs/mitre-map/coverage.png (highlighted in blue). Some of the coverage comes native with EDR and NDR. We have a different map of that one (esp proactive one).
  • threat hunting DLL search order hijacking
    1 project | /r/crowdstrike | 13 Dec 2022
    So you want to see if the files in this list are not running out of System32 or SysWOW64.
  • frustrated with lack of “entry level” security roles
    1 project | /r/cybersecurity | 26 Oct 2022
    Build a home lab. Phase 1: Get a good server to run VM's on. Use Proxmox as the hypervisor. Get a managed network switch (used ones on eBay are fine). Setup a span port or get a physical network TAP. Install Zeek and capture all the traffic in and out of your house. Look at the logs. Understand them. Use the free version of Suricata IDS. Examine the logs, understand them. Phase 2: Install Splunk (it has a free version). Push all the Zeek/Suricata logs to Splunk with the universal forwarder. Learn how to use Splunk. Learn the query language. Download APPs, analyze data, build dashboards, setup alerts (https://research.splunk.com/). Phase 3: Setup Honeypots, trigger them to learn how they work. Phase 4: Install Windows and Linux desktops and servers. Use the Splunk universal forwarder to dump all the logs into Splunk. Learn the logs, understand them!
  • Learning splunk step by step
    1 project | /r/Splunk | 21 Oct 2022
    Research Lantern
  • Has Splunk provided any Maggie Malware fix or how to detect it ?
    1 project | /r/Splunk | 7 Oct 2022
    Checkout https://research.splunk.com for stuff like this. Just be careful regarding naming, you will more likely find accurate detections searching by the CVE number.
  • Best Way to Learn Query Writing?
    1 project | /r/Splunk | 15 Sep 2022
    We have over 1,000 queries (which we refer to as detections) in our publicly-available GitHub Repository in the following folder: https://github.com/splunk/security_content/tree/develop/detections
  • Splunk Hyper Queries & other SPL nuggets for Security Teams
    2 projects | /r/Splunk | 6 Sep 2022
    As for detection libraries, I find lots of people don't know about https://research.splunk.com/
  • A note from our sponsor - WorkOS
    workos.com | 23 Apr 2024
    The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →

Stats

Basic security_content repo stats
20
1,132
9.9
7 days ago

splunk/security_content is an open source project licensed under Apache License 2.0 which is an OSI approved license.

The primary programming language of security_content is Python.

Popular Comparisons

  1. security_content VS atomic-red-team
  2. security_content VS sigma
  3. security_content VS remote-splunk-search
  4. security_content VS PyNite
  5. security_content VS nvim-splunk-linter
  6. security_content VS detection-rules
  7. security_content VS ChatGPT-4-Splunk
  8. security_content VS ZondaPro
  9. security_content VS Automata
  10. security_content VS threathunting-spl

Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com