SplunkTools.net
Advancing your abilities to use Splunk with tools and talks
The purpose of this site is to help Splunk users gain a better understanding of how to use Splunk and Splunk SOAR effectively by giving additional resources from Splunk talks presented by Scott McCarthy.
Apps
IOC Search

This app is designed to help SOC/CSIRT Analysts and Threat Hunting Analysts locate IOCs (Indicators of Compromise) throughout their Splunk infrastructure quickly and efficiently. The techniques used in this app can search multiple TB of data in seconds, so you know immediately whether an indicator is present in your environment.
Assets and Identity Helper

Asset and Identity Helper
The Asset and Identity Helper assists users in creating and maintaining sources for the Asset and Identity Framework inside Splunk Enterprise Security. To use this app, you must have Splunk Enterprise Security installed and configured first.
Features
- Best practices instructions
- Assets and Identities Source Dashboard for managing all searches/sources
- Debug Asset Data Dashboard for determining root cause for asset merger errors
- Asset Search Dashboard
- Identity Search Dashboard
- Various macros