{"id":31816571,"url":"https://github.com/splunk/rba","last_synced_at":"2025-10-11T09:56:43.649Z","repository":{"id":59376952,"uuid":"529359910","full_name":"splunk/rba","owner":"splunk","description":"RBA is Splunk's method to aggregate low-fidelity security events as interesting observations tagged with security metadata to create high-fidelity, low-volume alerts.","archived":false,"fork":false,"pushed_at":"2025-08-26T16:35:19.000Z","size":6970,"stargazers_count":57,"open_issues_count":4,"forks_count":12,"subscribers_count":17,"default_branch":"main","last_synced_at":"2025-08-26T23:12:50.286Z","etag":null,"topics":["rba","splunk","splunk-rba"],"latest_commit_sha":null,"homepage":"https://splunk.github.io/rba/","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/splunk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"docs/contributing/contributing-guidelines.md","funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-08-26T18:06:30.000Z","updated_at":"2025-08-26T16:34:59.000Z","dependencies_parsed_at":"2024-06-15T00:41:14.994Z","dependency_job_id":"98beccb7-6a3a-4e00-8a3a-a1117604cc79","html_url":"https://github.com/splunk/rba","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/splunk/rba","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Frba","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Frba/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Frba/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Frba/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/splunk","download_url":"https://codeload.github.com/splunk/rba/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Frba/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279006748,"owners_count":26084185,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-11T02:00:06.511Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["rba","splunk","splunk-rba"],"created_at":"2025-10-11T09:56:42.896Z","updated_at":"2025-10-11T09:56:43.645Z","avatar_url":"https://github.com/splunk.png","language":null,"readme":"# RBA all day\n\n[![Docs](https://github.com/splunk/rba/actions/workflows/docs.yml/badge.svg)](https://splunk.github.io/rba/)\n\nWelcome to the wonderful world of Risk-Based Alerting!\n\nRBA is Splunk's method to aggregate low-fidelity security events as interesting observations tagged with security metadata to create high-fidelity, low-volume alerts.\n\n## Documentation\n\nSee the web based documentation at https://splunk.github.io/rba/\n\n## Searches\n\nUseful SPL from the RBA community for working with risk events.\n\n## Dashboards\n\nSimple XML or JSON for Splunk dashboards to streamline risk analysis.\n\n## Risk Rules\n\nSplunk's Threat Research Team has an incredible library of over 1000 detections in the Splunk's [Enterprise Security Content Updates](https://research.splunk.com/) library. You can use Marcus Ferrera and Drew Church's awesome [ATT\u0026CK Detections Collector](https://github.com/splunk/attack-detections-collector) to pop out a handy HTML file of relevant ESCU detections for you to align with MITRE ATT\u0026CK.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsplunk%2Frba","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsplunk%2Frba","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsplunk%2Frba/lists"}