
Splunk Security Content

Welcome to the Splunk Security Content

This project gives you access to our repository of Analytic Stories: security guides that provide background on TTPs, mapped to the MITRE ATT&CK framework, the Lockheed Martin Kill Chain, and CIS controls. They include Splunk searches, machine-learning algorithms, and Splunk Phantom playbooks (where available)—all designed to work together to detect, investigate, and respond to threats.

View Our Content

You can review our Analytic Stories by category here, or in our Splunk App.

If you prefer working with the command line, check out our API:

curl -s https://content.splunkresearch.com | jq
{
  "hello": "welcome to Splunks Research security content api"
}

Getting Started

Once you've installed our app, we recommend using our Analytic Story Execution App (ASX) to execute and schedule all of the detections in a story automatically.

Test Out The Detections

The attack_range project allows you to spin up an environment and launch attacks against it to test the detections.

Questions?

If you get stuck or need help with any of our tools, see our support options.

Contribute Content

If you want to help the rest of the security community by sharing your own detections, see our contributor guide. Digital defenders unite!

Content Parts

  • stories/: All Analytic Stories
  • detections/: Splunk Enterprise, Splunk UBA, and Splunk Phantom detections that power Analytic Stories
  • response_tasks/: Splunk Enterprise and Splunk Phantom investigative searches and playbooks employed by Analytic Stories
  • responses/: Automated Splunk Enterprise and Splunk Phantom responses triggered by Analytic Stories
  • baselines/: Splunk Phantom and Splunk Enterprise baseline searches needed to support detection searches in Analytic Stories

Content Spec Files