Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/sduff/awesome-es
A collection of awesome resources for Splunk Enterprise Security
List: awesome-es
awesome awesome-list splunk splunk-enterprise-security splunk-es
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/sduff/awesome-es
- Owner: sduff
- License: cc0-1.0
- Created: 2019-09-08T23:48:47.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2020-09-11T08:00:04.000Z (over 4 years ago)
- Last Synced: 2024-05-23T07:14:17.445Z (8 months ago)
- Topics: awesome, awesome-list, splunk, splunk-enterprise-security, splunk-es
- Homepage:
- Size: 97.7 KB
- Stars: 18
- Watchers: 3
- Forks: 5
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Contributing: contributing.md
- License: LICENSE.md
- Code of conduct: code-of-conduct.md
Awesome Lists containing this project
- awesome-splunk - Awesome-ES - An Awesome list for all things Enterprise Security. (Apps / Premium Apps)
README
# Awesome ES [![Awesome](https://awesome.re/badge.svg)](https://awesome.re)
> A curated list of awesome resources for Splunk Enterprise Security.
## Contents
- [Basics](#basics)
- [Education and Training](#education-and-training)
- [Professional Services](#professional-services)
- [SOAR Integration](#soar-integration)
- [Threat Intelligence](#threat-intelligence)
- [.Conf Presentations](#conf-presentations)
## Basics
Resources for getting started with Splunk Enterprise Security.
- [Splunk Website](https://splunk.com)
- [Downloads](https://www.splunk.com/download)
- [Previous Releases](https://www.splunk.com/page/previous_releases)
- [Awesome Splunk](https://github.com/sduff/awesome-splunk) - A curated list of awesome Splunk resources.
- [Splunk Enterprise Security Homepage](http://www.splunk.com/view/enterprise-security-app/SP-CAAAE8Z)
- [Downloads](https://splunkbase.splunk.com/app/263/) - Download page for licensed users.
- [Documentation](https://docs.splunk.com/Documentation/ES/latest)
- [ES Splunk Blog Posts](https://www.splunk.com/blog/tag/splunk-enterprise-security.html)
- [Splunk ES Content Update](https://splunkbase.splunk.com/app/3449/) - Regularly updated pre-packaged Security Content for use in Splunk ES.
## Education and Training
- [Tutorial](https://docs.splunk.com/Documentation/ES/latest/Tutorials/Overview) - Tutorial on creation of new Correlation Searches.
- Training Classes
  - [Using Splunk Enterprise Security](https://www.splunk.com/en_us/training/courses/using-splunk-enterprise-security.html)
    - [Suggested Learning Path](https://www.splunk.com/en_us/training/learning-path/courses-for-enterprise-security-end-users/overview.html)
  - [Administering Splunk Enterprise Security](https://www.splunk.com/en_us/training/courses/administering-splunk-enterprise-security.html)
    - [Suggested Learning Path](https://www.splunk.com/en_us/training/learning-path/courses-for-enterprise-security-administrators/overview.html)
- Certifications
  - [Splunk Enterprise Security Certified Admin](https://www.splunk.com/en_us/training/certification-track/splunk-es-certified-admin/overview.html)
  - [Splunk Enterprise Security Certified Admin Blueprint](https://www.splunk.com/content/dam/splunk2/pdfs/training/Splunk-Test-Blueprint-ES-Admin-v.1.1.pdf) - A guide to the examinable material in the ES Admin certification.
## Professional Services
Need to get the experts involved in an Enterprise Security implementation, or seeking guidance?
- [Splunk Security and Compliance Service Offerings](https://www.splunk.com/en_us/support-and-services/splunk-services/offerings/security-and-compliance-services.html)
- [Splunk Partners for Enterprise Security Implementation](https://partners.splunk.com/locator/search?f0=Professional+Services+Specializations&f0v0=ES+Implementation)
## Risk Based Alerting
- [RBA All Day](https://rbaallday.com) - Reduce noise by using a Risk Based approach to notable event generation.
- [SA-RBA](https://github.com/apger/SA-RBA) - Solution AddOn for ES, adds custom visualisations and correlation searches for RBA.
- [Phantom RBA](https://github.com/kelby-shelton/phantom-rba) - Phantom functions for RBA investigations and enrichment.
## SOAR Integration
- [Splunk Phantom](https://www.splunk.com/en_us/software/splunk-security-orchestration-and-automation.html)
- [Awesome Phantom](https://github.com/ryanplasma/awesome-splunk-phantom) - Awesome resources for Splunk Phantom.
## Threat Intelligence
- [Awesome Threat Intelligence](https://github.com/hslatman/awesome-threat-intelligence) - A curated list of awesome threat intelligence resources.
## .Conf Presentations
Selected .conf presentations related to various aspects of Splunk Enterprise Security.
- [All .Conf Presentations for Enterprise Security](https://conf.splunk.com/watch/conf-online.html?search.products=1518807815929004Tieu#/)
- [How to Migrate from Legacy SIEM to Splunk](https://static.rainfocus.com/splunk/splunkconf18/sess/1523486455444001luSF/finalPDF/Assessing-Threat-Intelligence-Sharing-1571_1538782551848001rhKL.pdf)
- [Enterprise Security Multi-Tenant Fundamentals](https://conf.splunk.com/files/2017/slides/analytic-stories-or-how-i-learned-to-stop-worrying-and-respond-to-threats.pdf)
## Contribute
Contributions welcome! Read the [contribution guidelines](contributing.md) first.
## License
[![CC0](https://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](https://creativecommons.org/publicdomain/zero/1.0)

To the extent possible under law, Simon Duff has waived all copyright and
related or neighbouring rights to this work.