Derek Arnold (ransomvik)

Company: Obelisk Security

Location: MN

Derek Arnold's repositories

obelisk-threat-intel

Obelisk Threat Intel is a Splunk App that automatically correlates your data with several popular open threat lists. After a few mouse clicks we can start hunting for log sources that are reaching out to, or being attacked from, known attackers. The app can provide increased visibility to potentially malicious activity going on in the organization.

Language: JavaScript | License: GPL-3.0 | Stargazers: 3 | Issues: 2 | Issues: 0
Language: Python | Stargazers: 2 | Issues: 2 | Issues: 0

ansible_playbooks

Ansible playbooks for Elasticsearch and Splunk

TA_obelisk-threat

Obelisk Threat Intel is a Splunk App that automatically correlates your data with several popular open threat lists. After a few mouse clicks we can start hunting for log sources that are reaching out to, or being attacked from, known attackers. The app can provide increased visibility to potentially malicious activity going on in the organization.

Language: Python | License: GPL-3.0 | Stargazers: 1 | Issues: 1 | Issues: 0

snippets

Useful snippets

Language: Python | License: MIT | Stargazers: 0 | Issues: 1 | Issues: 0