├── .spelling
├── .gitattributes
├── contributing.md
├── package.json
├── .github
    └── workflows
    │   └── nodejs.yml
├── code-of-conduct.md
├── README.md
└── LICENSE.md


/.spelling:
--------------------------------------------------------------------------------
1 | Splunk
2 | conf
3 | SIEM
4 | 


--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
1 | * text=auto
2 | readme.md merge=union
3 | 


--------------------------------------------------------------------------------
/contributing.md:
--------------------------------------------------------------------------------
1 | # Contribution Guidelines
2 | 
3 | Please note that this project is released with a [Contributor Code of
4 | Conduct](code-of-conduct.md).  By participating in this project you agree to
5 | abide by its terms.
6 | 


--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 | 	"repository": {
 3 | 		"type": "git",
 4 | 		"url": "git://github.com/sduff/awesome-es.git"
 5 | 	},
 6 | 	"license": "CC0-1.0",
 7 | 	"scripts": {
 8 | 		"test": "mdspell -r -x -n README.md && awesome-lint "
 9 | 	},
10 | 	"devDependencies": {
11 | 		"awesome-lint": "*",
12 | 		"markdown-spellcheck": "*"
13 | 	},
14 | 	"dependencies": {
15 | 		"sinon-as-promised": "^4.0.3"
16 | 	}
17 | }
18 | 


--------------------------------------------------------------------------------
/.github/workflows/nodejs.yml:
--------------------------------------------------------------------------------
 1 | name: Node CI
 2 | 
 3 | on: [push]
 4 | 
 5 | jobs:
 6 |   build:
 7 | 
 8 |     runs-on: ubuntu-latest
 9 | 
10 |     strategy:
11 |       matrix:
12 |         node-version: [10.x]
13 | 
14 |     steps:
15 |     - uses: actions/checkout@v1
16 |     - name: Use Node.js ${{ matrix.node-version }}
17 |       uses: actions/setup-node@v1
18 |       with:
19 |         node-version: ${{ matrix.node-version }}
20 |     - name: npm install, build, and test
21 |       run: |
22 |         npm install
23 |         npm test
24 |       env:
25 |         CI: true
26 | 


--------------------------------------------------------------------------------
/code-of-conduct.md:
--------------------------------------------------------------------------------
 1 | # Open Source Contribution Policy
 2 | Version 0.4, 2018–10–08
 3 | 
 4 | ## Policy
 5 | We will accept contributions of good code that we can use from anyone.
 6 | 
 7 | 
 8 | ## What this means
 9 | * "We will accept": This means that we will incorporate your contribution into the project’s codebase, adapt it as needed, and give you full credit for your work.
10 | * "contributions": This means just about anything you wish to contribute to the project, as long as it is good code we can use. The easier you make it for us to accept your contribution, the happier we are, but if it’s good enough, we will do a reasonable amount of work to use it.
11 | * "of good code": This means that we will accept contributions that work well and efficiently, that fit in with the goals of the project, that match the project’s coding style, and that do not impose an undue maintenance workload on us going forward. This does not mean just program code, either, but documentation and artistic works as appropriate to the project.
12 | * "that we can use": This means that your contribution must be given freely and irrevocably, that you must own the copyright or else have written permission of those who do to contribute it for our unrestricted use, and that your contribution is made under the correct license for the project.
13 | * "from anyone": This means exactly that. We don’t care about anything but your code. We don’t care about your race, religion, national origin, biological gender, perceived gender, sexual orientation, lifestyle, political viewpoint, or anything extraneous like that. We will neither reject your contribution nor grant it preferential treatment on any basis except the code itself. We do, however, reserve the right to tell you to go away if you behave too obnoxiously toward us.
14 | 
15 | ## If Your Contribution Is Rejected
16 | 
17 | If we reject your contribution, it means only that we do not consider it suitable for our project in the form it was submitted. It is not personal. If you ask civilly, we will be happy to discuss it with you and help you understand why it was rejected, and if possible improve it so we can accept it. If we are not able to reach an agreement, then you are free to fork our project, as with any Open Source project, and add your contribution to your fork.
18 | 
19 | ### Revision History
20 | 0.1, 2015–11–18: Initial draft.
21 | 0.2, 2015–11–18: Added “If Your Contribution Is Rejected” section.
22 | 0.3, 2015–11–19: Added “irrevocably” to “we can use” and changed “it” to “your contribution” in the “if rejected” section. Thanks to Patrick Maupin.
23 | 0.4, 2018–10–08: Clarified and simplified the “we can use” section on copyrights and licensing. Thanks to Bruce Perens.
24 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Awesome ES[![Awesome](https://awesome.re/badge.svg)](https://awesome.re)
 2 | 
 3 | > A curated list of awesome resources for Splunk Enterprise Security.
 4 | 
 5 | ## Contents
 6 | 
 7 | - [Basics](#basics)
 8 | - [Education and Training](#education-and-training)
 9 | - [Professional Services](#professional-services)
10 | - [SOAR Integration](#soar-integration)
11 | - [Threat Intelligence](#threat-intelligence)
12 | - [.Conf Presentations](#conf-presentations)
13 | 
14 | ## Basics
15 | 
16 | Resources for getting started with Splunk Enterprise Security.
17 | 
18 | - [Splunk Website](https://splunk.com)
19 |   - [Downloads](https://www.splunk.com/download)
20 |   - [Previous Releases](https://www.splunk.com/page/previous_releases)
21 |   - [Awesome Splunk](https://github.com/sduff/awesome-splunk) - A curated list of awesome Splunk resources.
22 | - [Splunk Enterprise Security Homepage](http://www.splunk.com/view/enterprise-security-app/SP-CAAAE8Z)
23 |   - [Downloads](https://splunkbase.splunk.com/app/263/) - Download page for licensed users.
24 |   - [Documentation](https://docs.splunk.com/Documentation/ES/latest)
25 |   - [ES Splunk Blog Posts](https://www.splunk.com/blog/tag/splunk-enterprise-security.html)
26 |   - [Splunk ES Content Update](https://splunkbase.splunk.com/app/3449/) - Regularly updated pre-packaged Security Content for use in Splunk ES.
27 | 
28 | ## Education and Training
29 | - [Tutorial](https://docs.splunk.com/Documentation/ES/latest/Tutorials/Overview) - Tutorial on creation of new Correlation Searches.
30 | - Training Classes
31 |   - [Using Splunk Enterprise Security](https://www.splunk.com/en_us/training/courses/using-splunk-enterprise-security.html)
32 |     - [Suggested Learning Path](https://www.splunk.com/en_us/training/learning-path/courses-for-enterprise-security-end-users/overview.html)
33 |   - [Administering Splunk Enterprise Security](https://www.splunk.com/en_us/training/courses/administering-splunk-enterprise-security.html)
34 |     - [Suggested Learning Path](https://www.splunk.com/en_us/training/learning-path/courses-for-enterprise-security-administrators/overview.html)
35 | - Certifications
36 |   - [Splunk Enterprise Security Certified Admin](https://www.splunk.com/en_us/training/certification-track/splunk-es-certified-admin/overview.html)
37 |     - [Splunk Enterprise Security Certified Admin Blueprint](https://www.splunk.com/content/dam/splunk2/pdfs/training/Splunk-Test-Blueprint-ES-Admin-v.1.1.pdf) - A guide to the examinable material in the ES Admin certification.
38 | 
39 | ## Professional Services
40 | 
41 | Need to get the experts involved in an Enterprise Security implementation, or seeing guidance.
42 | 
43 | - [Splunk Security and Compliance Service Offerings](https://www.splunk.com/en_us/support-and-services/splunk-services/offerings/security-and-compliance-services.html)
44 | - [Splunk Partners for Enterprise Security Implementation](https://partners.splunk.com/locator/search?f0=Professional+Services+Specializations&f0v0=ES+Implementation)
45 | 
46 | ## Risk Based Alerting
47 | - [RBA All Day](https://rbaallday.com) - Reduce noise by using a Risk Based approach to notable event generation.
48 |   - [SA-RBA](https://github.com/apger/SA-RBA) - Solution AddOn for ES, adds custom visualisations and correlation searches for RBA.
49 |   - [Phantom RBA](https://github.com/kelby-shelton/phantom-rba) - Phantom functions for RBA investigations and enrichment.
50 | 
51 | ## SOAR Integration
52 | - [Splunk Phantom](https://www.splunk.com/en_us/software/splunk-security-orchestration-and-automation.html)
53 |   - [Awesome Phantom](https://github.com/ryanplasma/awesome-splunk-phantom) - Awesome resources for Splunk Phantom.
54 | 
55 | ## Threat Intelligence
56 | - [Awesome Threat Intelligence](https://github.com/hslatman/awesome-threat-intelligence) - A curated list of awesome threat intelligence resources.
57 | 
58 | ## .Conf Presentations
59 | 
60 | Selected .conf presentations related to various aspects of Splunk Enterprise Security.
61 | 
62 | - [All .Conf Presentations for Enterprise Security](https://conf.splunk.com/watch/conf-online.html?search.products=1518807815929004Tieu#/)
63 | - [How to Migrate from Legacy SIEM to Splunk](https://static.rainfocus.com/splunk/splunkconf18/sess/1523486455444001luSF/finalPDF/Assessing-Threat-Intelligence-Sharing-1571_1538782551848001rhKL.pdf)
64 | - [Enterprise Security Multi-Tenant Fundamentals](https://conf.splunk.com/files/2017/slides/analytic-stories-or-how-i-learned-to-stop-worrying-and-respond-to-threats.pdf)
65 | 
66 | ## Contribute
67 | Contributions welcome! Read the [contribution guidelines](contributing.md) first.
68 | 
69 | ## License
70 | [![CC0](https://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](https://creativecommons.org/publicdomain/zero/1.0)
71 | 
72 | To the extent possible under law, Simon Duff has waived all copyright and
73 | related or neighbouring rights to this work.
74 | 


--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
 1 | CC0 1.0 Universal
 2 | ==================
 3 | 
 4 | Statement of Purpose
 5 | ---------------------
 6 | 
 7 | The laws of most jurisdictions throughout the world automatically confer exclusive Copyright and Related Rights (defined below) upon the creator and subsequent owner(s) (each and all, an "owner") of an original work of authorship and/or a database (each, a "Work").
 8 | 
 9 | Certain owners wish to permanently relinquish those rights to a Work for the purpose of contributing to a commons of creative, cultural and scientific works ("Commons") that the public can reliably and without fear of later claims of infringement build upon, modify, incorporate in other works, reuse and redistribute as freely as possible in any form whatsoever and for any purposes, including without limitation commercial purposes. These owners may contribute to the Commons to promote the ideal of a free culture and the further production of creative, cultural and scientific works, or to gain reputation or greater distribution for their Work in part through the use and efforts of others.
10 | 
11 | For these and/or other purposes and motivations, and without any expectation of additional consideration or compensation, the person associating CC0 with a Work (the "Affirmer"), to the extent that he or she is an owner of Copyright and Related Rights in the Work, voluntarily elects to apply CC0 to the Work and publicly distribute the Work under its terms, with knowledge of his or her Copyright and Related Rights in the Work and the meaning and intended legal effect of CC0 on those rights.
12 | 
13 | 1. Copyright and Related Rights.
14 | --------------------------------
15 | A Work made available under CC0 may be protected by copyright and related or neighboring rights ("Copyright and Related Rights"). Copyright and Related Rights include, but are not limited to, the following:
16 | 
17 | i. the right to reproduce, adapt, distribute, perform, display, communicate, and translate a Work;
18 | ii. moral rights retained by the original author(s) and/or performer(s);
19 | iii. publicity and privacy rights pertaining to a person's image or likeness depicted in a Work;
20 | iv. rights protecting against unfair competition in regards to a Work, subject to the limitations in paragraph 4(a), below;
21 | v. rights protecting the extraction, dissemination, use and reuse of data in a Work;
22 | vi. database rights (such as those arising under Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, and under any national implementation thereof, including any amended or successor version of such directive); and
23 | vii. other similar, equivalent or corresponding rights throughout the world based on applicable law or treaty, and any national implementations thereof.
24 | 
25 | 2. Waiver.
26 | -----------
27 | To the greatest extent permitted by, but not in contravention of, applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and unconditionally waives, abandons, and surrenders all of Affirmer's Copyright and Related Rights and associated claims and causes of action, whether now known or unknown (including existing as well as future claims and causes of action), in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each member of the public at large and to the detriment of Affirmer's heirs and successors, fully intending that such Waiver shall not be subject to revocation, rescission, cancellation, termination, or any other legal or equitable action to disrupt the quiet enjoyment of the Work by the public as contemplated by Affirmer's express Statement of Purpose.
28 | 
29 | 3. Public License Fallback.
30 | ----------------------------
31 | Should any part of the Waiver for any reason be judged legally invalid or ineffective under applicable law, then the Waiver shall be preserved to the maximum extent permitted taking into account Affirmer's express Statement of Purpose. In addition, to the extent the Waiver is so judged Affirmer hereby grants to each affected person a royalty-free, non transferable, non sublicensable, non exclusive, irrevocable and unconditional license to exercise Affirmer's Copyright and Related Rights in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "License"). The License shall be deemed effective as of the date CC0 was applied by Affirmer to the Work. Should any part of the License for any reason be judged legally invalid or ineffective under applicable law, such partial invalidity or ineffectiveness shall not invalidate the remainder of the License, and in such case Affirmer hereby affirms that he or she will not (i) exercise any of his or her remaining Copyright and Related Rights in the Work or (ii) assert any associated claims and causes of action with respect to the Work, in either case contrary to Affirmer's express Statement of Purpose.
32 | 
33 | 4. Limitations and Disclaimers.
34 | --------------------------------
35 | 
36 | a. No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document.
37 | b. Affirmer offers the Work as-is and makes no representations or warranties of any kind concerning the Work, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non infringement, or the absence of latent or other defects, accuracy, or the present or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law.
38 | c. Affirmer disclaims responsibility for clearing rights of other persons that may apply to the Work or any use thereof, including without limitation any person's Copyright and Related Rights in the Work. Further, Affirmer disclaims responsibility for obtaining any necessary consents, permissions or other rights required for any use of the Work.
39 | d. Affirmer understands and acknowledges that Creative Commons is not a party to this document and has no duty or obligation with respect to this CC0 or use of the Work.
40 | 
41 | 


--------------------------------------------------------------------------------