Pinned Repositories
addonfactory-splunk_sa_cim
Splunk_SA_CIM used by add-on test infrastructure
ail-framework
AIL framework - Analysis Information Leak framework
ail-yara-rules
A set of YARA rules for the AIL framework to detect leaks or information disclosure
alert_send_screenshot
App for Splunk with a custom alert action that sends screenshots of a dashboard via mail as PDF/PNG
atc-mitigation
Actionable analytics designed to combat threats based on MITRE's ATT&CK.
atc-react
A knowledge base of actionable Incident Response techniques
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
atomic-threat-coverage
Actionable analytics designed to combat threats
attack-navigator
Web app that provides basic navigation and annotation of ATT&CK matrices
rkondracki's Repositories
rkondracki/atc-mitigation
Actionable analytics designed to combat threats based on MITRE's ATT&CK.
rkondracki/atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
rkondracki/AZ-500-Azure-Security
rkondracki/botsv3
Splunk Boss of the SOC version 3 dataset.
rkondracki/collectd
The system statistics collection daemon. Please send Pull Requests here!
rkondracki/crits
CRITs - Collaborative Research Into Threats
rkondracki/dashboard-conf19-examples
Splunk new dashboard framework examples .conf 2019
rkondracki/KQL
Kusto Query Language
rkondracki/SA-LookupUpdate
rkondracki/SA-NetOps
Allows for MAC address to vendor mapping in Splunk
rkondracki/seckit_sa_geolocation
rkondracki/securitydatasets
Home for Splunk security datasets.
rkondracki/selinux_policy_for_splunk
SELinux Policy for Splunk
rkondracki/splunk
Splunk Stuffs!
rkondracki/Splunk-7.2-Enterprise-Certified-Administration-Guide
Splunk 7.2 Enterprise Certified Administration Guide, published by Packt
rkondracki/splunk-addon-powershell
Splunk Add-on for PowerShell provides field extraction for PowerShell event logs.
rkondracki/splunk_auditd
Splunk App for Linux Auditd
rkondracki/SplunkArchitect
rkondracki/TA-ad-assets-identities
Dump all users, groups and computers from an Active Directory domain into an asset and identities lookup usable by Splunk Enterprise Security.
rkondracki/TA-asngen
ASN Lookup Generator for Splunk
rkondracki/TA-defender-atp-hunting
Add-on to onboard telemetry data via the Microsoft Defender ATP hunting API into Splunk (ES)
rkondracki/TA-jsontools
JSON Tools Technology Add-On for Splunk
rkondracki/TA-latmov
Splunk security addon for lateral movement detection
rkondracki/TA-linux_secure
Linux Secure Technology Add-On for Splunk
rkondracki/TA-UserWatchlist
User Watchlist App for Splunk
rkondracki/TA_netfilter
Netfilter (iptables) technology add-on for Splunk
rkondracki/ThreatHunting
A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
rkondracki/UltimateAppLockerByPassList
The goal of this repository is to document the most common techniques to bypass AppLocker.
rkondracki/virtual-agent-library
A collection of virtual agent conversations
rkondracki/windows-event-forwarding
A repository for using Windows Event Forwarding for incident detection and response