Pinned Repositories
addonfactory-splunk_sa_cim
Splunk_SA_CIM used by add-on test infrastructure
ail-framework
AIL framework - Analysis Information Leak framework
ail-yara-rules
A set of YARA rules for the AIL framework to detect leak or information disclosure
alert_send_screenshot
App for Splunk with custom alert to send Screenshots of dashboard via Mail as pdf/png
atc-mitigation
Actionable analytics designed to combat threats based on MITRE's ATT&CK.
atc-react
A knowledge base of actionable Incident Response techniques
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
atomic-threat-coverage
Actionable analytics designed to combat threats
attack-navigator
Web app that provides basic navigation and annotation of ATT&CK matrices
rkondracki's Repositories
rkondracki/sysmon-config
Sysmon configuration file template with default high-quality event tracing
rkondracki/data-protection-mapping-project
Open Source Data Protection/Privacy Regulatory Mapping Project
rkondracki/TheHive
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
rkondracki/attack-navigator
Web app that provides basic navigation and annotation of ATT&CK matrices
rkondracki/kafka-connect-splunk
Kafka connector for Splunk
rkondracki/TA-dmarc
Add-on for ingesting DMARC aggregate reports into Splunk
rkondracki/Microsoft-threat-protection-Hunting-Queries
Sample queries for Advanced hunting in Microsoft Threat Protection
rkondracki/sentinel-attack
Repository of sentinel alerts and hunting queries leveraging sysmon and the MITRE ATT&CK framework
rkondracki/MCW-Security-baseline-on-Azure
MCW Security baseline on Azure
rkondracki/eventgen
Splunk Event Generator: Eventgen
rkondracki/invoke-atomicredteam
Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
rkondracki/DATP_Queries
Microsoft Defender ATP Advanced Hunting Queries
rkondracki/atc-react
A knowledge base of actionable Incident Response techniques
rkondracki/atomic-threat-coverage
Actionable analytics designed to combat threats
rkondracki/puppet-splunk
Manage Splunk servers and forwarders using Puppet
rkondracki/Splunkenizer
Ansible framework providing a fast and simple way to spin up complex Splunk environments.
rkondracki/SwiftFilter
Exchange Transport rules to detect and enable response to phishing
rkondracki/splunk-3D-graph-network-topology-viz
Plot relationships between objects with force directed graph based on ThreeJS/WebGL.
rkondracki/SPEED-SIEM-Use-Case-Framework
Repository for SPEED SIEM Use Case Framework
rkondracki/Improving-your-Splunk-skills
Leverage the operational intelligence capabilities of Splunk to unlock new hidden business insights
rkondracki/SecCon-Framework
Security configuration is complex. With thousands of group policies available in Windows, choosing the “best” setting is difficult. It’s not always obvious which permutations of policies are required to implement a complete scenario, and there are often unintended consequences of some security lockdowns. The SECCON Baselines divide configuration into Productivity Devices and Privileged Access Workstations. This document will focus on Productivity Devices (SECCON 5, 4, and 3). Microsoft’s current guidance on Privileged Access Workstations can be found at http://aka.ms/cyberpaw and as part of the Securing Privileged Access roadmap found at http://aka.ms/privsec.
rkondracki/addonfactory-splunk_sa_cim
Splunk_SA_CIM used by add-on test infrastructure
rkondracki/TA-osquery
A Splunk technology add-on for osquery
rkondracki/TA-misp_es
MISP to Splunk Enterprise Security Threat Intelligence Framework Integration
rkondracki/index_permission_investigator_for_splunk
rkondracki/openapi-generator
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec (v2, v3)
rkondracki/SA-cim_vladiator
Data validator against Splunk Common Information Model (CIM)
rkondracki/splunk-examples-custom-endpoints
Custom REST endpoint examples for Splunk Enterprise
rkondracki/malwarebazaar-python
MalwareBazaar API wrapper (Abuse.ch)
rkondracki/mimir
Smart OSINT collection of common IOC types