ThreatHunting is a Splunk application containing several dashboards and over 120 reports that will facilitate initial hunting indicators to investigate.
You obviously need to be ingesting Sysmon data into Splunk, a good configuration can be found here
Note: This application is not a magic bullet, it will require tuning and real investigative work to be truly effective in your environment. Try to become best friends with your system administrators. They will be able to explain a lot of the initially discovered indicators.
Mitre ATT&CK
I strive to map all searches to the ATT&CK framework. A current ATT&CK navigator export of all linked configurations is found here and can be viewed here.
Also Read – Osmedeus : Security Framework For Reconnaissance & Vulnerability Scanning
App Prerequisites
Install the following apps to your SearchHead:
Required actions after deployment
A step by step guide kindly written by Kirtar Oza can be found here
A more detailed explanation of all functions can be found here or in this blog post
Imagine if you had a super-powered assistant who could automatically handle all the boring, repetitive…
Managing files efficiently is a core skill for anyone working in Linux, whether you're a…
Open ports act as communication endpoints between your Linux system and the outside world. Every…
Introduction In today’s cyber threat landscape, protecting endpoints such as computers, smartphones, and tablets from…
Introduction In today's fast-paced cybersecurity landscape, incident response is critical to protecting businesses from cyberattacks.…
Artificial Intelligence (AI) is changing how industries operate, automating processes, and driving new innovations. However,…