This app is archived. Learn more

ThreatHunting

This is a Splunk application containing several hunting dashboards and over 120 reports that will facilitate initial hunting indicators to investigate. You obviously need to be ingesting Sysmon data into Splunk, a good configuration can be found in the details Required actions after deployment: Make sure the threathunting index is present on your indexers Edit the macro's to suit your environment Install the required addons Install the lookup csv's or create them yourself, empty csv's are here > https://github.com/olafhartong/ThreatHunting/raw/master/files/ThreatHunting.tar.gz More documentation is available at > https://github.com/olafhartong/threathunting/wiki This app is maintained on GitHub > https://github.com/olafhartong/threathunting

Built by Olaf Hartong

Latest Version 1.5.1

November 12, 2022

Release notes

Compatibility

Not Available

Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0

Rating

0

(0)

Log in to rate this app

Support

Not Supported

Learn more

This is a Splunk application containing several hunting dashboards and over 120 reports that will facilitate initial hunting indicators to investigate. You obviously need to be ingesting Sysmon data into Splunk, a good configuration can be found in the details Required actions after deployment: Make sure the threathunting index is present on your indexers Edit the macro's to suit your environment Install the required addons Install the lookup csv's or create them yourself, empty csv's are here > https://github.com/olafhartong/ThreatHunting/raw/master/files/ThreatHunting.tar.gz More documentation is available at > https://github.com/olafhartong/threathunting/wiki This app is maintained on GitHub > https://github.com/olafhartong/threathunting