Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
This app is archived. Learn more
Building Correlation Searches in Splunk Enterprise Security Companion App
This app is a companion app to the Build Correlation Searches with Splunk Enterprise Security Hands On Workshop based on the BOTS v4 data set. It is designed to be installed on top of a Splunk ES instance and contains a module for the Use Case Library, complete with an Analytic Story containing Correlation Searches that users can apply to their own ES instance. Many of these searches are derived from the SIGMA project https://github.com/Neo23x0/sigma. The decrypt app is required for the PowerShell Encoding Correlation Search and can be found here: https://splunkbase.splunk.com/app/2655/.
Built by Splunk Works
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1
CIM Version: 4.x
Rating
0
(0)
Log in to rate this app
This app is a companion app to the Build Correlation Searches with Splunk Enterprise Security Hands On Workshop based on the BOTS v4 data set.
It is designed to be installed on top of a Splunk ES instance and contains a module for the Use Case Library, complete with an Analytic Story containing Correlation Searches that users can apply to their own ES instance.
Many of these searches are derived from the SIGMA project https://github.com/Neo23x0/sigma.
The decrypt app is required for the PowerShell Encoding Correlation Search and can be found here: https://splunkbase.splunk.com/app/2655/.
Categories
Created By
Splunk Works
Contributors
Tom Smit, John Stoner
Type
addon
Downloads
780
Licensing
Splunk Answers
Resources
Login to report this app listing