secops4thewin's repositories
TA-intezer
This app leverages the Adaptive Response framework to search against the Intezer Analyze APIs
TA-securitytrails
This app leverages the Adaptive Response framework to perform API calls to SecurityTrails
securitytrails-python
Python 2.7 wrapper for the SecurityTrails API.
force_directed_viz
D3 Force Directed visualization for Splunk.
link_analysis_app
Link Analysis App for Splunk.
phthreatminer
This GitHub repo will house the Phantom Cyber app for Threat Miner
UiPath-RPAMacroSigning
This project is a file that runs you through the process of automatically signing Office files
phintezeranalyze
Phantom Cyber App for Intezer Analyze. https://analyze.intezer.com/
devoDetections
MITRE ATT&CK Navigator layout for Devo
AustralianKMZFiles
A repo to host KMZ files for use in visualization apps.
canary_app
This app is used to visualise data generated from Canary Tools Devices.
data_generator
Using Gogen from coccyx
detection-rules
Rules for Elastic Security's detection engine
devoRsyslogConfigurations
A repo to store rsyslog configuration for automation purposes
docker-domain_stats
This GitHub repo holds a Dockerfile to automatically build Mark Baggett's Domain Stats Python server. https://github.com/MarkBaggett/domain_stats/tree/master/domain_stats
ecs
Elastic Common Schema
gogen
Highly configurable and scalable data generator for testing or demo data
mitreAttackDetectionsByDataSource
Shows detections by MITRE data source
phairlockdigital
Phantom App For Airlock Digital
security-ws-labs
Elastic Security Workshop Labs
sigma
Generic Signature Format for SIEM Systems
TA-ipv6-search
This app creates a custom search command in Splunk to search IPv6 ranges
TA-javelin-protect
This add-on provides parsing configuration for Javelin Protect https://www.javelin-networks.com/
TA-search_splunk
This app leverages the Adaptive Response framework to allow searches to be issued automatically.
TA_autoruns
This Splunk Add-On runs the Autoruns command-line edition and parses the data, ready for use in Splunk