Security tools, machine learning frameworks, and research datasets for the security community. Contributing to open source and sharing knowledge to advance the state of security operations.
10 Public Projects · 55 GitHub Stars · Community Driven
splunk_deployment_automation
22
Enterprise-grade automation framework for deploying and managing Splunk at scale. Streamlines infrastructure provisioning, configuration management, and deployment orchestration for large Splunk environments.
Comprehensive toolkit for Machine Learning & Analytics use cases in security operations. Provides pre-built workflows, algorithms, and visualizations for security practitioners to operationalize ML without deep data science expertise.
▸ Pre-built ML workflows for common security use cases
Supporting Add-On for parsing PDF indicators of compromise (IOCs). Maintains a repository of uploaded PDFs and runs scheduled searches against IOCs, automating threat intelligence ingestion from PDF reports.
Technical Add-On that normalizes Suricata eve.json fields to match Splunk's Common Information Model (CIM). Enables seamless integration of Suricata IDS telemetry with Splunk Enterprise Security for threat detection and security analytics.
Installation package for deploying Splunk Universal Forwarder via Microsoft System Center Configuration Manager (SCCM). Enables centralized, automated Splunk agent deployment across Windows enterprise environments.
Leaked Mirai botnet source code and captured network traffic for security research and IOC development. Includes Mirai and WannaCry traffic logs captured using Suricata for threat analysis and detection development.
Remote administration tool for deleting Splunk's fishbucket on deployment clients. Enables controlled data reindexing across distributed Splunk deployments without manual intervention on individual forwarders.
Real-world network traffic and Linux OS logs from a honeypot operational during the peak of the Mirai botnet and WannaCry ransomware attacks. Captured with Suricata for threat research, IOC development, and machine learning model training.
Technical Add-On that indexes Suricata rule files from /etc/suricata/rules into Splunk. Enables security teams to review Snort/Suricata signatures, track rule changes over time, and maintain visibility into IDS detection capabilities.