Splunk Hunting Helpers

Often there are just little things that can make the life of a "hunter" using Splunk that much easier. I'll add the little tidbits here and there as I find them.

Workflow actions:

  • This workflow_actions.conf can be put in any app (but maybe best in "search") to assist in your open source intelligence pivoting. It is not intended to be used "as is", but rather as a menu from which you can select the OSINT pivot sources that are easily used by Splunk and that work best for YOUR environment.
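
For orientation, this is what two such pivot stanzas look like. It is an added illustration, not the workflow_actions.conf this page refers to; the stanza names, labels, CIM-style field names (file_hash, src_ip, dest_ip) and the choice of lookup sites are assumptions to adapt to your own data.

```ini
# workflow_actions.conf -- added example, not the author's file.
# Stanza names, labels and field names below are assumptions.
# Comments must sit on their own lines; Splunk .conf files have no inline comments.

# Pivot from a file hash to a VirusTotal search.
[osint_virustotal_hash]
type = link
label = VirusTotal: search $file_hash$
# Offer the action only on events that carry this field.
fields = file_hash
display_location = field_menu
link.method = get
# Open the lookup in a new browser tab.
link.target = blank
link.uri = https://www.virustotal.com/gui/search/$file_hash$

# Pivot from either IP field to AbuseIPDB.
# $@field_value$ resolves to the value of whichever listed field was clicked,
# so one stanza serves both src_ip and dest_ip in the field menu.
# Each click sends that value to the third-party site, so list only
# fields you are willing to disclose (e.g. not internal-only addresses).
[osint_abuseipdb_ip]
type = link
label = AbuseIPDB: check $@field_value$
fields = src_ip, dest_ip
display_location = field_menu
link.method = get
link.target = blank
link.uri = https://www.abuseipdb.com/check/$@field_value$
```

Drop the stanzas into the app's local/workflow_actions.conf and reload; the entries then appear in the field action menu of matching events.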