This app is archived.

This is a Splunk application containing several hunting dashboards and over 120 reports that surface initial hunting indicators to investigate. You obviously need to be ingesting Sysmon data into Splunk; a good configuration can be found in the details.

Required actions after deployment:
- Make sure the threathunting index is present on your indexers
- Edit the macros to suit your environment
- Install the required add-ons
- Install the lookup CSVs or create them yourself; empty CSVs are here: https://github.com/olafhartong/ThreatHunting/raw/master/files/ThreatHunting.tar.gz

More documentation is available at https://github.com/olafhartong/threathunting/wiki

This app is maintained on GitHub: https://github.com/olafhartong/threathunting