├── Defcon Threat Hunting Workshop
│   └── DEFCON_THREAT_HUNTING.pdf
├── README.md
├── conf18_MSFT_CLOUD_Talk
│   ├── MSFT_cloud_searches.pdf
│   ├── hunts.md
│   └── o365_test.tgz
├── conf2017_SSL_talk
│   ├── alexa_1MM_17SEP17.csv
│   ├── ja3.csv
│   ├── ssl_blacklist_2.csv
│   └── workflow_actions.conf
├── fun_lookups
│   └── cdn.csv
├── results-russian-threats-mapped.json
└── workflow_actions
    └── workflow_actions.conf

/Defcon Threat Hunting Workshop/DEFCON_THREAT_HUNTING.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rkovar/splunk-hunting-helpers/HEAD/Defcon Threat Hunting Workshop/DEFCON_THREAT_HUNTING.pdf
--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rkovar/splunk-hunting-helpers/HEAD/README.md
--------------------------------------------------------------------------------

/conf18_MSFT_CLOUD_Talk/MSFT_cloud_searches.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rkovar/splunk-hunting-helpers/HEAD/conf18_MSFT_CLOUD_Talk/MSFT_cloud_searches.pdf
--------------------------------------------------------------------------------

/conf18_MSFT_CLOUD_Talk/hunts.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rkovar/splunk-hunting-helpers/HEAD/conf18_MSFT_CLOUD_Talk/hunts.md
--------------------------------------------------------------------------------

/conf18_MSFT_CLOUD_Talk/o365_test.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rkovar/splunk-hunting-helpers/HEAD/conf18_MSFT_CLOUD_Talk/o365_test.tgz
--------------------------------------------------------------------------------

/conf2017_SSL_talk/alexa_1MM_17SEP17.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rkovar/splunk-hunting-helpers/HEAD/conf2017_SSL_talk/alexa_1MM_17SEP17.csv
--------------------------------------------------------------------------------

/conf2017_SSL_talk/ja3.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rkovar/splunk-hunting-helpers/HEAD/conf2017_SSL_talk/ja3.csv
--------------------------------------------------------------------------------

/conf2017_SSL_talk/ssl_blacklist_2.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rkovar/splunk-hunting-helpers/HEAD/conf2017_SSL_talk/ssl_blacklist_2.csv
--------------------------------------------------------------------------------

/conf2017_SSL_talk/workflow_actions.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rkovar/splunk-hunting-helpers/HEAD/conf2017_SSL_talk/workflow_actions.conf
--------------------------------------------------------------------------------

/fun_lookups/cdn.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rkovar/splunk-hunting-helpers/HEAD/fun_lookups/cdn.csv
--------------------------------------------------------------------------------

/results-russian-threats-mapped.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rkovar/splunk-hunting-helpers/HEAD/results-russian-threats-mapped.json
--------------------------------------------------------------------------------

/workflow_actions/workflow_actions.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rkovar/splunk-hunting-helpers/HEAD/workflow_actions/workflow_actions.conf
--------------------------------------------------------------------------------