Rob Gresham's repositories
phantom-rba
Share RBA-specific playbooks, apps, and custom functions
phantom-test-harness
Test harness for a more pleasurable app building experience
atc-mitigation
Actionable analytics designed to combat threats based on MITRE's ATT&CK.
sxo-05-security-workflows
Workflows, atomic actions, and documentation for SecureX orchestration
atomic-threat-coverage
Actionable analytics designed to combat threats based on MITRE's ATT&CK.
email2pdf
Script to convert emails to PDF from the command-line, as well as detach recognized attachments. Helps to process incoming emails and assist automatically with a non-paper paperwork workflow. Designed to work in tandem with getmail to convert forwarded emails to PDF automatically.
ocsf-schema
OCSF Schema
OpenSIEM-Logstash-Parsing
SIEM Logstash parsing for more than a hundred technologies
osquery-configuration
A repository for using osquery for incident detection and response
phantom-apps
Phantom Apps Repo
phantom-browserless
Splunk Phantom App for Browserless/chrome
phantom-docker
Phantom in a container
phantom_pov
Material for a Phantom POV event
phantom_report
Python script to create a timeline PDF report from Phantom.us.
rastrea2r-server
RESTful server to handle requests from the rastrea2r client
security_content
Splunk Security Content
web-icons
A flexible icon family for the web