security

This is a Splunk application containing several hunting dashboards and over 120 reports that will facilitate initial hunting indicators to investigate.

You obviously need to be ingesting Sysmon data into Splunk, a good configuration can be found in the details

Required actions after deployment:
Make sure the threathunting index is present on your indexers
Edit the macro's to suit your environment
Install the required addons
Install the lookup csv's or create them yourself, empty csv's are here >  https://github.com/olafhartong/ThreatHunting/raw/master/files/ThreatHunting.tar.gz

More documentation is available at >  https://github.com/olafhartong/threathunting/wiki

This app is maintained on GitHub > https://github.com/olafhartong/threathunting