Awesome list of keywords and artifacts for Threat Hunting sessions

Timeline of Active Directory changes with replication metadata

Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.

Identifies unexpected and prohibited certificate authority certificates on Windows systems. #nsacyber

Svendsen Tech's ConvertTo-STJson is a pure-PowerShell ConvertTo-Json for PowerShell version 2

Connect Splunk to Azure Activity Log via PowerShell automation

Splunk scripts and config files.

Microsoft Teams Observability Agent — call records, call queues & auto attendants telemetry. High quality and enriched metrics to Observability platforms.

Build an elaborate Splunk enterprise environment that will extract powerful insights from your machine-generated big data

Presentations

Splunk Add-on to import Windows WEC subscription information

Send-STSplunkMessage is a PowerShell version 2-compatible function for sending ad hoc splunk messages to the specified index, source, source type and (list of) Splunk forwarder/HEC URI(s).

Automate your AD lab: Unattended deployment of Windows Server 2022 DC, Windows 11 client, and Ubuntu Server with PowerShell & Bash, plus Splunk integration.

Example ActiveDirectory export scripts for use with Splunk HEC collector.

Custom Sysmon configuration, add read CMD And Powershell by Zake

การใช้ Ansible Automation Platform กับ Window Server 2019 เพื่อติดตั้ง Splunk Universal Forwarder

Technical Addon for Splunk to ingest Christian Wojner's (@didelphodon) DensityScout Output

Splunk ansible build example

App designed to create a local app that will tag Perfmon inputs with the "_meta" field for each host uniquely