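# essentials_updates.conf - update channels for Splunk Security Essentials (SSE).
# Each stanza describes one content channel the app can check for updates.
# The stanza name is the channel id the UI refers to, e.g.
# essentials_updates.conf:[mitreattack]:content_download_url.
#
# Comments must be full lines starting with '#'; nothing after a value on
# the same line is treated as a comment. All values are plain strings.
#
# Keys:
#   channel               - channel identifier, kept equal to the stanza name
#   order                 - sort position in the UI; the gaps in the sequence
#                           (3, 10, 11) are presumably left by removed channels
#   name / description    - human-readable labels
#   type                  - app | splunkresearch | mitre (see stanzas below)
#   app_context           - owning app; Splunk_Security_Essentials everywhere
#   build_url             - endpoint polled for the current content version
#   build_field           - field of the build_url response holding the version
#   content_download_url  - where the content itself is fetched from
#
# Security review notes:
#   build_url and content_download_url are the trust boundary of this file -
#   whatever they resolve to is fetched and stored by the UI (see the
#   [mitreattack] description). Keep them https and be aware that the splk.it
#   entries are short links whose redirect target is not visible here; confirm
#   where they land before a release. A local override of this file redirects
#   content updates, so treat edits to these URLs as privileged changes.
#
# Every stanza keeps the same key order (channel, order, name, description,
# type, app_context, build_url, build_field, content_download_url) so that
# channels can be diffed against each other.

# Built-in application channels (type=app): no remote version check.
[SSE]
channel=Splunk_Security_Essentials
order=1
name=Splunk Security Essentials
type=app
app_context=Splunk_Security_Essentials

[ES]
channel=Splunk_App_for_Enterprise_Security
order=2
name=Splunk App for Enterprise Security
type=app
app_context=Splunk_Security_Essentials

[Custom]
channel=custom
order=4
name=Custom Content
description=Custom content created locally inside of SSE
type=app
app_context=Splunk_Security_Essentials

# Splunk Security Content channels (type=splunkresearch). All of them poll the
# same version endpoint and read version.name from its response; only the
# description and the content_download_url short link differ.
[Splunk_Research_Baselines]
channel=Splunk_Research_Baselines
order=5
name=Splunk Security Content - Baselines
description=This is the Baselines provided by the Splunk Security Content team. The API endpoint is https://content.splunkresearch.com/baselines?community=false
type=splunkresearch
app_context=Splunk_Security_Essentials
build_url=https://content.splunkresearch.com/version?client=sse
build_field=version.name
content_download_url=https://splk.it/sse_strt_baselines

[Splunk_Research_Deployments]
channel=Splunk_Research_Deployments
order=6
name=Splunk Security Content - Deployments
description=This is the Deployments provided by the Splunk Security Content team. The API endpoint is https://content.splunkresearch.com/deployments?community=false
type=splunkresearch
app_context=Splunk_Security_Essentials
build_url=https://content.splunkresearch.com/version?client=sse
build_field=version.name
content_download_url=https://splk.it/sse_strt_deployments

[Splunk_Research_Detections]
channel=Splunk_Research_Detections
order=7
name=Splunk Security Content - Detections
description=This is the Detections provided by the Splunk Security Content team. The API endpoint is https://content.splunkresearch.com/detections?community=false
type=splunkresearch
app_context=Splunk_Security_Essentials
build_url=https://content.splunkresearch.com/version?client=sse
build_field=version.name
content_download_url=https://splk.it/sse_strt_detections

[Splunk_Research_Lookups]
channel=Splunk_Research_Lookups
order=8
name=Splunk Security Content - Lookups
description=This is the Lookups provided by the Splunk Security Content team. The API endpoint is https://content.splunkresearch.com/lookups?community=false
type=splunkresearch
app_context=Splunk_Security_Essentials
build_url=https://content.splunkresearch.com/version?client=sse
build_field=version.name
content_download_url=https://splk.it/sse_strt_lookups

[Splunk_Research_Macros]
channel=Splunk_Research_Macros
order=9
name=Splunk Security Content - Macros
description=This is the Macros provided by the Splunk Security Content team. The API endpoint is https://content.splunkresearch.com/macros?community=false
type=splunkresearch
app_context=Splunk_Security_Essentials
build_url=https://content.splunkresearch.com/version?client=sse
build_field=version.name
content_download_url=https://splk.it/sse_strt_macros

[Splunk_Research_Stories]
channel=Splunk_Research_Stories
order=12
name=Splunk Security Content - Stories
description=This is the Analytic Stories provided by the Splunk Security Content team. The API endpoint is https://content.splunkresearch.com/stories?community=false
type=splunkresearch
app_context=Splunk_Security_Essentials
build_url=https://content.splunkresearch.com/version?client=sse
build_field=version.name
content_download_url=https://splk.it/sse_strt_stories

[Splunk_Research_Version]
channel=Splunk_Research_Version
order=13
name=Splunk Security Content
description=This is the current Version of the API provided by the Splunk Security Content team. The API endpoint is https://content.splunkresearch.com/version?community=false
type=splunkresearch
app_context=Splunk_Security_Essentials
build_url=https://content.splunkresearch.com/version?client=sse
build_field=version.name
content_download_url=https://splk.it/sse_strt_version

# Disabled template, kept for reference only. Its description and both URLs
# are placeholders (api.amazonaws.com/myAPI, myAPI2), not real endpoints, and
# it uses keys (disabled, default) that no enabled stanza uses - confirm the
# reader honours them before re-enabling this channel.
# [Sigma]
# channel=Sigma
# order=-1
# name=Sigma (Open Source Detections)
# description=Blah blah description
# type=content
# disabled=true
# default=disabled
# app_context=Splunk_Security_Essentials
# build_url=https://api.amazonaws.com/myAPI
# build_field=buildnum
# content_download_url=https://api.amazonaws.com/myAPI2

# MITRE ATT&CK channel (type=mitre): the version is taken from the tag_name of
# the latest GitHub release of mitre/cti; the content itself comes from a
# splk.it short link (see the security review note in the file header).
[mitreattack]
channel=mitreattack
order=14
name=MITRE ATT&CK
description=This is how we make sure that we have the latest version of MITRE ATT&CK. The UI grabs it from essentials_updates.conf:[mitreattack]:content_download_url and stashes it in lookup=sse_json_doc_storage_lookup, keeping a version number in lookup=external_content_lookup
type=mitre
app_context=Splunk_Security_Essentials
build_url=https://api.github.com/repos/mitre/cti/releases/latest
build_field=tag_name
content_download_url=https://splk.it/mitreattack

# Disabled channel, kept for reference only. It has no build_url/build_field,
# so no version check would run, and its description still names
# [mitreattack] - presumably a copy-paste remnant that should read
# [mitrepreattack] if this channel is ever re-enabled.
#[mitrepreattack]
#channel=mitrepreattack
#order=-1
#name=MITRE Pre-ATT&CK
#description=This is how we make sure that we have the latest version of MITRE Pre-ATT&CK. The UI grabs it from essentials_updates.conf:[mitreattack]:content_download_url and stashes it in lookup=sse_json_doc_storage_lookup, keeping a version number in lookup=external_content_lookup
#type=mitre
#app_context=Splunk_Security_Essentials
#content_download_url=https://go.splunksecurityessentials.com/mitrepreattack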