Welcome to the new Splunkbase! To return to the old Splunkbase, .
Collections
Apps
Submit an app
Warning

This app is archived.

Building Correlation Searches in Splunk Enterprise Security Companion App app icon

Building Correlation Searches in Splunk Enterprise Security Companion App

This app is a companion app to the Build Correlation Searches with Splunk Enterprise Security Hands On Workshop based on the BOTS v4 data set.

Built by
splunk product badge
Latest Version 1.0.2
March 24, 2020
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1
CIM Version: 4.x
Rating

0

(0)

Log in to rate this app
Support
Building Correlation Searches in Splunk Enterprise Security Companion App support icon
Not Supported
This app is a companion app to the Build Correlation Searches with Splunk Enterprise Security Hands On Workshop based on the BOTS v4 data set. It is designed to be installed on top of a Splunk ES instance and contains a module for the Use Case Library, complete with an Analytic Story containing Correlation Searches that users can apply to their own ES instance. Many of these searches are derived from the SIGMA project https://github.com/Neo23x0/sigma. The decrypt app is required for the PowerShell Encoding Correlation Search and can be found here: https://splunkbase.splunk.com/app/2655/.

Categories

Created By

Splunk Works

Contributors

Tom Smit, John Stoner

Type

addon

Downloads

792

Licensing

Splunk Answers

Resources

Log in to report this app listing