Skip to content
/ TA-generic_edr Public

A proof-of-concept Technology Add-On for Splunk that queries and indexes alerts from Generic EDR.

License

Apache-2.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

scottsmiesko/TA-generic_edr

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits

README

README

 
 

bin

bin

 
 

default

default

 
 

lib/genedr

lib/genedr

 
 

metadata

metadata

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

poetry.lock

poetry.lock

 
 

pyproject.toml

pyproject.toml

 
 

Repository files navigation

Generic EDR Add-On for Splunk

こんにちわ!

Some notes

  • Built without referencing a running Splunk or EDR platform.
  • Only tested ad-hoc requests with simple FastAPI listener (see other folder.)
  • Learned about some new/changed libraries
    • solnlib is now open source!
    • dataclasses are great, JSONWizard is a lifesaver.

Components

  • genedr: Python library for Generic EDR
  • TA-generic_edr: Implements genedr to query and index alerts in Splunk
  • Various libs as seen in pyproject.toml

The Future

Assuming the TA is in working order and pulling in alerts fine...

  • TESTS
  • Packaging build/release (ksconf, slim)

About

A proof-of-concept Technology Add-On for Splunk that queries and indexes alerts from Generic EDR.

Topics

python security splunk logging add-on cim edr splunk-cloud api-client-python notable-events

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Contributors 2

  •  
  •  

Languages