├── .gitignore ├── DISCLAIMER.md ├── LICENSE.md ├── README.md ├── SAMI-TA ├── LICENSE.txt ├── bin │ ├── ae.py │ └── av.py └── local │ ├── app.conf │ ├── inputs.conf │ ├── props.conf │ └── wmi.conf ├── SAMI ├── appserver │ └── static │ │ ├── SAMI.jpg │ │ ├── dark.css │ │ ├── dashboard.css │ │ └── tokenTest.js ├── bin │ ├── README │ ├── dcList.bat │ └── hostList.bat ├── default │ ├── app.conf │ └── data │ │ └── ui │ │ ├── nav │ │ └── default.xml │ │ └── views │ │ ├── About.xml │ │ └── README ├── local │ ├── data │ │ └── ui │ │ │ └── views │ │ │ ├── architecture.xml │ │ │ ├── metric_summary.xml │ │ │ └── penalty_summary.xml │ ├── indexes.conf │ ├── inputs.conf │ ├── macros.conf │ ├── props.conf │ ├── savedsearches.conf │ └── transforms.conf ├── lookups │ ├── AppLocker-blacklistPath.csv │ ├── OS-CurrentVersion.csv │ ├── SRP-blacklistPath.csv │ ├── SRP-defaultExeTypes.csv │ ├── SRP-whitelistPath.csv │ ├── ruleSet_lookup.csv │ ├── ruleSets2.csv │ ├── sami_fix_lookup.csv │ └── sami_penalties_lookup.csv ├── metadata │ ├── default.meta │ └── local.meta └── static │ ├── appIcon.png │ ├── appIconAlt.png │ ├── appIconAlt_2x.png │ ├── appIcon_2x.png │ └── appLogo.png ├── SAMI_Business_Logic.xlsx └── SAMI_User_Instruction_Manual.pdf /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/.gitignore -------------------------------------------------------------------------------- /DISCLAIMER.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/DISCLAIMER.md -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/LICENSE.md -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/README.md -------------------------------------------------------------------------------- /SAMI-TA/LICENSE.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI-TA/LICENSE.txt -------------------------------------------------------------------------------- /SAMI-TA/bin/ae.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI-TA/bin/ae.py -------------------------------------------------------------------------------- /SAMI-TA/bin/av.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI-TA/bin/av.py -------------------------------------------------------------------------------- /SAMI-TA/local/app.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI-TA/local/app.conf -------------------------------------------------------------------------------- /SAMI-TA/local/inputs.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI-TA/local/inputs.conf -------------------------------------------------------------------------------- /SAMI-TA/local/props.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI-TA/local/props.conf -------------------------------------------------------------------------------- /SAMI-TA/local/wmi.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI-TA/local/wmi.conf -------------------------------------------------------------------------------- /SAMI/appserver/static/SAMI.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/appserver/static/SAMI.jpg -------------------------------------------------------------------------------- /SAMI/appserver/static/dark.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/appserver/static/dark.css -------------------------------------------------------------------------------- /SAMI/appserver/static/dashboard.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/appserver/static/dashboard.css -------------------------------------------------------------------------------- /SAMI/appserver/static/tokenTest.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/appserver/static/tokenTest.js -------------------------------------------------------------------------------- /SAMI/bin/README: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/bin/README -------------------------------------------------------------------------------- /SAMI/bin/dcList.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/bin/dcList.bat -------------------------------------------------------------------------------- /SAMI/bin/hostList.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/bin/hostList.bat -------------------------------------------------------------------------------- /SAMI/default/app.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/default/app.conf -------------------------------------------------------------------------------- /SAMI/default/data/ui/nav/default.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/default/data/ui/nav/default.xml -------------------------------------------------------------------------------- /SAMI/default/data/ui/views/About.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/default/data/ui/views/About.xml -------------------------------------------------------------------------------- /SAMI/default/data/ui/views/README: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/default/data/ui/views/README -------------------------------------------------------------------------------- /SAMI/local/data/ui/views/architecture.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/local/data/ui/views/architecture.xml -------------------------------------------------------------------------------- /SAMI/local/data/ui/views/metric_summary.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/local/data/ui/views/metric_summary.xml -------------------------------------------------------------------------------- /SAMI/local/data/ui/views/penalty_summary.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/local/data/ui/views/penalty_summary.xml -------------------------------------------------------------------------------- /SAMI/local/indexes.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/local/indexes.conf -------------------------------------------------------------------------------- /SAMI/local/inputs.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/local/inputs.conf -------------------------------------------------------------------------------- /SAMI/local/macros.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/local/macros.conf -------------------------------------------------------------------------------- /SAMI/local/props.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/local/props.conf -------------------------------------------------------------------------------- /SAMI/local/savedsearches.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/local/savedsearches.conf -------------------------------------------------------------------------------- /SAMI/local/transforms.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/local/transforms.conf -------------------------------------------------------------------------------- /SAMI/lookups/AppLocker-blacklistPath.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/lookups/AppLocker-blacklistPath.csv -------------------------------------------------------------------------------- /SAMI/lookups/OS-CurrentVersion.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/lookups/OS-CurrentVersion.csv -------------------------------------------------------------------------------- /SAMI/lookups/SRP-blacklistPath.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/lookups/SRP-blacklistPath.csv -------------------------------------------------------------------------------- /SAMI/lookups/SRP-defaultExeTypes.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/lookups/SRP-defaultExeTypes.csv -------------------------------------------------------------------------------- /SAMI/lookups/SRP-whitelistPath.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/lookups/SRP-whitelistPath.csv -------------------------------------------------------------------------------- /SAMI/lookups/ruleSet_lookup.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/lookups/ruleSet_lookup.csv -------------------------------------------------------------------------------- /SAMI/lookups/ruleSets2.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/lookups/ruleSets2.csv -------------------------------------------------------------------------------- /SAMI/lookups/sami_fix_lookup.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/lookups/sami_fix_lookup.csv -------------------------------------------------------------------------------- /SAMI/lookups/sami_penalties_lookup.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/lookups/sami_penalties_lookup.csv -------------------------------------------------------------------------------- /SAMI/metadata/default.meta: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/metadata/default.meta -------------------------------------------------------------------------------- /SAMI/metadata/local.meta: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/metadata/local.meta -------------------------------------------------------------------------------- /SAMI/static/appIcon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/static/appIcon.png -------------------------------------------------------------------------------- /SAMI/static/appIconAlt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/static/appIconAlt.png -------------------------------------------------------------------------------- /SAMI/static/appIconAlt_2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/static/appIconAlt_2x.png -------------------------------------------------------------------------------- /SAMI/static/appIcon_2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/static/appIcon_2x.png -------------------------------------------------------------------------------- /SAMI/static/appLogo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI/static/appLogo.png -------------------------------------------------------------------------------- /SAMI_Business_Logic.xlsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI_Business_Logic.xlsx -------------------------------------------------------------------------------- /SAMI_User_Instruction_Manual.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nsacyber/Splunk-Assessment-of-Mitigation-Implementations/HEAD/SAMI_User_Instruction_Manual.pdf --------------------------------------------------------------------------------