rkondracki's repositories
atc-mitigation
Actionable analytics designed to combat threats based on MITRE's ATT&CK.
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
collectd
The system statistics collection daemon. Please send Pull Requests here!
dashboard-conf19-examples
Examples for the new Splunk dashboard framework, presented at .conf 2019
KQL
Kusto Query Language
OrgKit
Provision a brand-new company with proper defaults in Windows, Office 365, and Azure
SA-NetOps
Allows for MAC address to vendor mapping in Splunk
securitydatasets
Home for Splunk security datasets.
selinux_policy_for_splunk
SELinux Policy for Splunk
splunk
Splunk Stuffs!
Splunk-7.2-Enterprise-Certified-Administration-Guide
Splunk 7.2 Enterprise Certified Administration Guide, published by Packt
splunk-addon-powershell
Splunk Add-on for PowerShell provides field extraction for PowerShell event logs.
splunk_auditd
Splunk App for Linux Auditd
TA-ad-assets-identities
Dump all users, groups and computers from an Active Directory domain into an asset and identities lookup usable by Splunk Enterprise Security.
TA-asngen
ASN Lookup Generator for Splunk
TA-defender-atp-hunting
Add-on to onboard telemetry data into Splunk (ES) via the Microsoft Defender ATP hunting API
TA-jsontools
JSON Tools Technology Add-On for Splunk
TA-latmov
Splunk security addon for lateral movement detection
TA-linux_secure
Linux Secure Technology Add-On for Splunk
TA-UserWatchlist
User Watchlist App for Splunk
TA_netfilter
Netfilter (iptables) technology add-on for Splunk
UltimateAppLockerByPassList
The goal of this repository is to document the most common techniques to bypass AppLocker.
virtual-agent-library
A collection of virtual agent conversations
windows-event-forwarding
A repository for using Windows Event Forwarding for incident detection and response