Top 23 Splunk Open-Source Projects

• sigma

  41 7,624 9.8 Python

  Main Sigma Rule Repository

  

Project mention: Sigma rules in real life | /r/cybersecurity | 2023-10-14

Sigma rules https://github.com/SigmaHQ/sigma its value, I get it. Here’s a post https://www.linkedin.com/posts/nasreddinebencherchali_detection-blueteam-sigma-activity-7104868070069817344-mn91?utm_source=share&utm_medium=member_desktop detailing that 31 Sigma rules from the Sigma repository are triggering on different stages of the attack as described here https://thedfirreport.com/2023/08/28/html-smuggling-leads-to-domain-wide-ransomware/

• pygraphistry

  9 2,055 9.2 Python

  PyGraphistry is a Python library to quickly load, shape, embed, and explore big graphs with the GPU-accelerated Graphistry visual graph analyzer

  

Project mention: Graph Data Fits in Memory | news.ycombinator.com | 2024-04-15

Extra fun: We find most enterprise/gov graph analytics work only requires 1-2 attributes to go along with the graph index, and those attributes often are already numeric (time, $, ...) or can be dictionary-encoded as discussed here (categorical, ID, ...)... so even 'tough' billion scale graphs are fine on 1 gpu.

Early, but that's been the basic thinking into our new GFQL system: slice into the columns you want, and then do all the in-GPU traversals you want. In our V1, we keep things dataframe-native include the in-GPU data representation, and are already working on the first extensions to support switching to more graph-native indexing for steps as needed.

Ex: https://github.com/graphistry/pygraphistry/blob/master/demos...

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• gnomock

  5 1,305 3.4 Go

  Test your code without writing mocks with ephemeral Docker containers 📦 Setup popular services with just a couple lines of code ⏱️ No bash, no yaml, only code 💻

• security_content

  20 1,136 9.9 Python

  Splunk Security Content

  

Project mention: SIEM content development | /r/SIEM | 2023-12-10

There's a ton of valuable resources out there when searching for "detection engineering", beyond that, check https://research.splunk.com/ to get an idea of a structured and contextual approach. Beyond that, check Rob van Os Magma use case framework and any blog you can find on https://correlatedsecurity.com (Jurgen Visser). Last but not least, anything "awesome" on github, e.g. https://github.com/fabacab/awesome-cybersecurity-blueteam

• threathunting

  3 1,102 1.7 Python

  A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

• SigLens

  1 995 9.7 Go

  100x Efficient Log Management than Splunk, Reduce your observability cost by 90%

  

Project mention: Siglens: A columnar OLAP db that can execute queries 50x faster than ClickHouse | news.ycombinator.com | 2024-02-20

I found their claims exaggerated: https://github.com/siglens/siglens/issues/created_by/alexey-...

• Semantic Logger

  2 836 4.3 Ruby

  Semantic Logger is a feature rich logging framework, and replacement for existing Ruby & Rails loggers.

  

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• zentral

  1 720 9.5 Python

  Zentral is a high-visibility platform for controlling Apple endpoints in enterprises. It brings great observability to IT and makes tracking & reporting compliance much less manual.

  

• awesome-detection-engineering

  1 551 6.5

  Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation of detective controls with the goal of proactively identifying malicious or unauthorized activity before it negatively impacts an individual or an organization.

Project mention: Detection Engineering - Responsibilities / Career Growth / Compensation | /r/SecurityCareerAdvice | 2023-06-14

Apologies if unclear, I meant the path towards Detection Engineering! I've immersed myself into awesome-detection-engineering and find different perspectives/gems through newsletters such as 'Detection Engineering' by Zack Allen.

• EventLogging

  1 447 5.0 PowerShell

  Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.

  

• splunk-connect-for-kubernetes

  5 341 4.2 Python

  Helm charts associated with kubernetes plug-ins

  

• ThreatHunting-Keywords

  1 337 9.4 HTML

  Awesome list of keywords and artifacts for Threat Hunting sessions

Project mention: List of offensive tools keywords for ThreatHunting | /r/cybersecurity | 2023-05-18

more information here: https://github.com/mthcht/ThreatHunting-Keywords

• threathunting-spl

  2 255 4.1

  Splunk code (SPL) for serious threat hunters and detection engineers.

• splunk-connect-for-syslog

  2 143 9.1 Python

  Splunk Connect for Syslog

  

• ansible-role-for-splunk

  3 134 5.5 Jinja

  Splunk@Splunk's Ansible role for installing Splunk, upgrading Splunk, and installing apps/addons on Splunk deployments (VM/bare metal)

  

• youtube

  2 130 0.0 JavaScript

  This repo will have all the data and codes I have used for my youtube channel (by siddharthajuprod07)

• Splunk-Apps

  1 98 5.8 Python

  Palo Alto Networks App for Splunk leverages the data visibility provided by Palo Alto Networks next-generation firewalls and endpoint security with Splunk's extensive investigation and visualization capabilities to deliver an advanced security reporting and analysis tool.

  

• fanuc-driver

  2 66 6.6 C#

  Configurable Fanuc Focas data collector and post processor.

  

• maple

  1 55 0.0 Java

  Type-safe, consistently named and formatted, structured logging wrapper for SLF4J that's ideally suited for your logging aggregator. (by Randgalt)

• SplunkDashboards

  1 49 0.0

  Collection of Dashboards for Threat Hunting and more!

• evtx2json

  1 48 10.0 Python

  A tool to convert Windows evtx files (Windows Event Log Files) into JSON format and log to Splunk (optional) using HTTP Event Collector.

• splunk_modinput_prometheus

  2 43 2.6 Go

  A Splunk modular input for ingesting Prometheus metrics

• splunk-enterprise

  1 26 0.0 Shell

  Guidance on deploying Splunk Enterprise on Azure with automated reference implementation

  

• SaaSHub

  www.saashub.com sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Splunk related posts

• SIEM content development
  2 projects | /r/SIEM | 10 Dec 2023
• Splunk Enterprise Security dashboard that let's you prioritize, track your security automation efforts and sell your wins to management through quantitative metrics
  1 project | /r/cybersecurity | 11 Jul 2023
• Azure data sources
  1 project | /r/Splunk | 1 Jul 2023
• Okta Data in Splunk( Reports, Alerts and Dashboards)
  1 project | /r/Splunk | 22 Mar 2023
• Prometheus integration with Splunk
  1 project | /r/Splunk | 12 Mar 2023
• Splunk Enterprise Certified Admin Exam
  1 project | /r/Splunk | 1 Feb 2023
• New Release: TA OpenAI ChatGPT
  2 projects | /r/Splunk | 27 Jan 2023
• A note from our sponsor - SaaSHub
  www.saashub.com | 27 Apr 2024

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com