Latest Version 1.5.1
November 12, 2022
Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
This app is archived. App archiving documentation
ThreatHunting
This is a Splunk application containing several hunting dashboards and over 120 reports that will facilitate initial hunting indicators to investigate.
Built by
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0
Rating
0
(0)
Log in to rate this app
Support
Not Supported
This is a Splunk application containing several hunting dashboards and over 120 reports that will facilitate initial hunting indicators to investigate.
You obviously need to be ingesting Sysmon data into Splunk, a good configuration can be found in the details
Required actions after deployment:
Make sure the threathunting index is present on your indexers
Edit the macro's to suit your environment
Install the required addons
Install the lookup csv's or create them yourself, empty csv's are here > https://github.com/olafhartong/ThreatHunting/raw/master/files/ThreatHunting.tar.gz
More documentation is available at > https://github.com/olafhartong/threathunting/wiki
This app is maintained on GitHub > https://github.com/olafhartong/threathunting
Categories
Created By
Olaf Hartong
Type
app
Downloads
14,730
Featured in Collection
Getting Started with Security
Licensing
MIT(Opens new window)Splunk Answers
Ask a question about this app listing(Opens new window)Resources
Log in to report this app listing