Skip to content
/ Corelight-Threat-Hunting-Guide-SIGMA-Pack Public

Corelight Threat Hunting Guide SIGMA Pack - Added TH searches and dashbaord to the splunk app

4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

efi-k/Corelight-Threat-Hunting-Guide-SIGMA-Pack

BranchesTags

Repository files navigation

Corelight-Threat-Hunting-Guide-SIGMA-Pack

Corelight Threat Hunting Guide SIGMA Pack - Added TH searches and dashboard to the splunk app

The included .conf and xml file will add the Corelight+SOC Prime splunk searches and dashboard to the splunk Corelight app.

Please follow the below instructions for installation:

  1. Make sure you have the splunk Corelight app or get it from https://splunkbase.splunk.com/app/3884
  2. Save the corelight_security_corelight_threat_hunting_guide_sigma_pack.xml file to Splunk\etc\apps\CorelightForSplunk\local\data\ui\views. Create the local\data\ui\views folders structure if does not exist already
  3. Append the content of savedsearches.conf to the savedsearches.conf file already in Splunk\etc\apps\CorelightForSplunk\local or just put it there is no savedsearches.conf file already exists.
  4. You should see the "Corelight Threat Hunting Guide SIGMA pack" under the "Security Workflows" menu of the app

Happy Hunting!

Efi

About

Corelight Threat Hunting Guide SIGMA Pack - Added TH searches and dashbaord to the splunk app

Resources

Readme
Activity

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published