Bhavin Patel

Results: 13 issues by Bhavin Patel

Slack Thread Details: https://splunk-usergroups.slack.com/archives/CDNHXVBGS/p1653332688795899 [Matthew Whitener](https://app.slack.com/team/U03GLSD061H) from Splunk user group: Hello everyone! I am trying to utilize splunk attack_range in azure from a macbook. I have followed the configuration settings...

bug

rename story file from AWS Credential Access to AWS Account Takeover Known failure: Detect AWS Console Login by New User AWS Cross Account Activity From Previously Unseen Account ( The...

3.50.0

The current detection testing doesn't test detections that come from PRs created from forks. Example: https://github.com/splunk/security_content/actions/runs/2949827815/jobs/4713885702 Possible solution: We need to clone the forked repo, with the branch name...

bug
enhancement

### Details _What does this PR have in it? Screenshots are worth 1000 words 😄_ ### Checklist - [ ] Validate name matches `__` nomenclature - [ ] [CI/CD](https://github.com/splunk/security_content/actions) jobs...

Simulate AWS TTP using ART: - updated filenames and code to use `attack_range_cloud` instead of `cloud_attack_range` - added a mandatory clean_up flag to ensure users delete the resources created by...

Explore and index the CloudTrail logs from the *flaws.cloud* dataset in the cloud AR. Link: https://summitroute.com/blog/2020/10/09/public_dataset_of_cloudtrail_logs_from_flaws_cloud/ Credits: Tom Smit

enhancement

Updated the app that gets built into the Splunk server to have parity with contentctl_test.yml https://cd.splunkdev.com/threat-research/security_content/-/blob/develop/contentctl_test.yml?ref_type=heads We still need to update the pre-built Packer image.

Based on this feature request - https://github.com/splunk/security_content/issues/2385 This PR adds a drill-down config to view the specific event for all TTP detections that have a `risk_object = system`...

Draft

One of the errors seen during integration testing is that the tokenized field $field$ is not present in the search output. Let's add a check for this in validate so that...
