Awesome list of keywords and artifacts for Threat Hunting sessions

Timeline of Active Directory changes with replication metadata

Automation scripts to deploy Windows Event Forwarding, Sysmon, and custom audit policies in an Active Directory environment.

Identifies unexpected and prohibited certificate authority certificates on Windows systems. #nsacyber

Svendsen Tech's ConvertTo-STJson is a pure-PowerShell ConvertTo-Json for PowerShell version 2

Connect Splunk to Azure Activity Log via PowerShell automation

Splunk scripts and config files.

Microsoft Teams Observability Agent — call records, call queues & auto attendants telemetry. High quality and enriched metrics to Observability platforms.

Build an elaborate Splunk enterprise environment that will extract powerful insights from your machine-generated big data

Presentations

Splunk Add-on to import Windows WEC subscription information

Send-STSplunkMessage is a PowerShell version 2-compatible function for sending ad hoc splunk messages to the specified index, source, source type and (list of) Splunk forwarder/HEC URI(s).

Automate your AD lab: Unattended deployment of Windows Server 2022 DC, Windows 11 client, and Ubuntu Server with PowerShell & Bash, plus Splunk integration.

Example ActiveDirectory export scripts for use with Splunk HEC collector.

Technical Addon for Splunk to ingest Christian Wojner's (@didelphodon) DensityScout Output

Custom Sysmon configuration, add read CMD And Powershell by Zake

Answer 'Is anyone using my dashboard?' Track Splunk dashboard usage, health, errors, and performance to demonstrate content value and identify cleanup opportunities. 📊

PowerShell script to automate Windows monitoring setup with Sysmon, Splunk Universal Forwarder, and custom inputs/outputs configuration.

การใช้ Ansible Automation Platform กับ Window Server 2019 เพื่อติดตั้ง Splunk Universal Forwarder

DFIR portfolio: investigation cases with IOCs & ATT&CK, plus operational detections (Splunk/Sigma).