{"id":13524375,"url":"https://github.com/sduff/awesome-es","last_synced_at":"2025-04-01T02:31:13.894Z","repository":{"id":75841044,"uuid":"207188322","full_name":"sduff/awesome-es","owner":"sduff","description":"  A collection of awesome resources for Splunk Enterprise Security","archived":false,"fork":false,"pushed_at":"2020-09-11T08:00:04.000Z","size":100,"stargazers_count":18,"open_issues_count":1,"forks_count":5,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-05-23T07:14:17.445Z","etag":null,"topics":["awesome","awesome-list","splunk","splunk-enterprise-security","splunk-es"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc0-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sduff.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"contributing.md","funding":null,"license":"LICENSE.md","code_of_conduct":"code-of-conduct.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-09-08T23:48:47.000Z","updated_at":"2024-04-01T17:00:07.000Z","dependencies_parsed_at":"2024-01-11T20:43:37.495Z","dependency_job_id":null,"html_url":"https://github.com/sduff/awesome-es","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sduff%2Fawesome-es","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sduff%2Fawesome-es/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sduff%2Fawesome-es/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sduff%2Fawesome-es/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sduff","download_url":"https://codeload.
github.com/sduff/awesome-es/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246572271,"owners_count":20798931,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["awesome","awesome-list","splunk","splunk-enterprise-security","splunk-es"],"created_at":"2024-08-01T06:01:09.444Z","updated_at":"2025-04-01T02:31:13.850Z","avatar_url":"https://github.com/sduff.png","language":null,"funding_links":[],"categories":["Apps"],"sub_categories":["Premium Apps"],"readme":"# Awesome ES[![Awesome](https://awesome.re/badge.svg)](https://awesome.re)\n\n\u003e A curated list of awesome resources for Splunk Enterprise Security.\n\n## Contents\n\n- [Basics](#basics)\n- [Education and Training](#education-and-training)\n- [Professional Services](#professional-services)\n- [SOAR Integration](#soar-integration)\n- [Threat Intelligence](#threat-intelligence)\n- [.Conf Presentations](#conf-presentations)\n\n## Basics\n\nResources for getting started with Splunk Enterprise Security.\n\n- [Splunk Website](https://splunk.com)\n  - [Downloads](https://www.splunk.com/download)\n  - [Previous Releases](https://www.splunk.com/page/previous_releases)\n  - [Awesome Splunk](https://github.com/sduff/awesome-splunk) - A curated list of awesome Splunk resources.\n- [Splunk Enterprise Security Homepage](http://www.splunk.com/view/enterprise-security-app/SP-CAAAE8Z)\n  - [Downloads](https://splunkbase.splunk.com/app/263/) - Download page for licensed users.\n  - [Documentation](https://docs.splunk.com/Documentation/ES/latest)\n  - [ES Splunk Blog 
Posts](https://www.splunk.com/blog/tag/splunk-enterprise-security.html)\n  - [Splunk ES Content Update](https://splunkbase.splunk.com/app/3449/) - Regularly updated pre-packaged Security Content for use in Splunk ES.\n\n## Education and Training\n- [Tutorial](https://docs.splunk.com/Documentation/ES/latest/Tutorials/Overview) - Tutorial on creation of new Correlation Searches.\n- Training Classes\n  - [Using Splunk Enterprise Security](https://www.splunk.com/en_us/training/courses/using-splunk-enterprise-security.html)\n    - [Suggested Learning Path](https://www.splunk.com/en_us/training/learning-path/courses-for-enterprise-security-end-users/overview.html)\n  - [Administering Splunk Enterprise Security](https://www.splunk.com/en_us/training/courses/administering-splunk-enterprise-security.html)\n    - [Suggested Learning Path](https://www.splunk.com/en_us/training/learning-path/courses-for-enterprise-security-administrators/overview.html)\n- Certifications\n  - [Splunk Enterprise Security Certified Admin](https://www.splunk.com/en_us/training/certification-track/splunk-es-certified-admin/overview.html)\n    - [Splunk Enterprise Security Certified Admin Blueprint](https://www.splunk.com/content/dam/splunk2/pdfs/training/Splunk-Test-Blueprint-ES-Admin-v.1.1.pdf) - A guide to the examinable material in the ES Admin certification.\n\n## Professional Services\n\nNeed to get the experts involved in an Enterprise Security implementation, or seeking guidance.\n\n- [Splunk Security and Compliance Service Offerings](https://www.splunk.com/en_us/support-and-services/splunk-services/offerings/security-and-compliance-services.html)\n- [Splunk Partners for Enterprise Security Implementation](https://partners.splunk.com/locator/search?f0=Professional+Services+Specializations\u0026f0v0=ES+Implementation)\n\n## Risk Based Alerting\n- [RBA All Day](https://rbaallday.com) - Reduce noise by using a Risk Based approach to notable event generation.\n  - 
[SA-RBA](https://github.com/apger/SA-RBA) - Solution AddOn for ES, adds custom visualisations and correlation searches for RBA.\n  - [Phantom RBA](https://github.com/kelby-shelton/phantom-rba) - Phantom functions for RBA investigations and enrichment.\n\n## SOAR Integration\n- [Splunk Phantom](https://www.splunk.com/en_us/software/splunk-security-orchestration-and-automation.html)\n  - [Awesome Phantom](https://github.com/ryanplasma/awesome-splunk-phantom) - Awesome resources for Splunk Phantom.\n\n## Threat Intelligence\n- [Awesome Threat Intelligence](https://github.com/hslatman/awesome-threat-intelligence) - A curated list of awesome threat intelligence resources.\n\n## .Conf Presentations\n\nSelected .conf presentations related to various aspects of Splunk Enterprise Security.\n\n- [All .Conf Presentations for Enterprise Security](https://conf.splunk.com/watch/conf-online.html?search.products=1518807815929004Tieu#/)\n- [How to Migrate from Legacy SIEM to Splunk](https://static.rainfocus.com/splunk/splunkconf18/sess/1523486455444001luSF/finalPDF/Assessing-Threat-Intelligence-Sharing-1571_1538782551848001rhKL.pdf)\n- [Enterprise Security Multi-Tenant Fundamentals](https://conf.splunk.com/files/2017/slides/analytic-stories-or-how-i-learned-to-stop-worrying-and-respond-to-threats.pdf)\n\n## Contribute\nContributions welcome! Read the [contribution guidelines](contributing.md) first.\n\n## License\n[![CC0](https://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](https://creativecommons.org/publicdomain/zero/1.0)\n\nTo the extent possible under law, Simon Duff has waived all copyright and\nrelated or neighbouring rights to this work.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsduff%2Fawesome-es","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsduff%2Fawesome-es","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsduff%2Fawesome-es/lists"}