Awesome list of keywords and artifacts for Threat Hunting sessions
Updated Aug 4, 2025 - PowerShell
Timeline of Active Directory changes with replication metadata
Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.
Identifies unexpected and prohibited certificate authority certificates on Windows systems. #nsacyber
Svendsen Tech's ConvertTo-STJson is a pure-PowerShell ConvertTo-Json for PowerShell version 2
Connect Splunk to Azure Activity Log via PowerShell automation
Microsoft Teams Observability Agent — call records, call queues & auto attendants telemetry. High quality and enriched metrics to Observability platforms.
Build an elaborate Splunk enterprise environment that will extract powerful insights from your machine-generated big data
Presentations
Splunk Add-on to import Windows WEC subscription information
Automate your AD lab: Unattended deployment of Windows Server 2022 DC, Windows 11 client, and Ubuntu Server with PowerShell & Bash, plus Splunk integration.
Example ActiveDirectory export scripts for use with Splunk HEC collector.
Custom Sysmon configuration, add read CMD And Powershell by Zake
Using Ansible Automation Platform with Windows Server 2019 to install Splunk Universal Forwarder
Technical Addon for Splunk to ingest Christian Wojner's (@didelphodon) DensityScout Output
App designed to create a local app that will tag Perfmon inputs with the "_meta" field for each host uniquely