Awesome list of keywords and artifacts for Threat Hunting sessions
Updated Mar 3, 2025 - PowerShell
Timeline of Active Directory changes with replication metadata
Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.
Identifies unexpected and prohibited certificate authority certificates on Windows systems. #nsacyber
Svendsen Tech's ConvertTo-STJson is a pure-PowerShell ConvertTo-Json for PowerShell version 2
Connect Splunk to Azure Activity Log via PowerShell automation
Build an elaborate Splunk enterprise environment that will extract powerful insights from your machine-generated big data
Presentations
Splunk Add-on to import Windows WEC subscription information
Example ActiveDirectory export scripts for use with Splunk HEC collector.
Technical Addon for Splunk to ingest Christian Wojner's (@didelphodon) DensityScout Output
Using Ansible Automation Platform with Windows Server 2019 to install Splunk Universal Forwarder
Custom Sysmon configuration, add read CMD And Powershell by Zake