Skip to content
/ TA-generic_edr Public

A proof-of-concept Technology Add-On for Splunk that queries and indexes alerts from Generic EDR.

License

Apache-2.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

scottsmiesko/TA-generic_edr

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
README
README
 
 
bin
bin
 
 
default
default
 
 
lib/genedr
lib/genedr
 
 
metadata
metadata
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
poetry.lock
poetry.lock
 
 
pyproject.toml
pyproject.toml
 
 

Repository files navigation

Generic EDR Add-On for Splunk

こんにちわ!

Some notes

  • Built without referencing a running Splunk or EDR platform.
  • Only tested ad-hoc requests with simple FastAPI listener (see other folder.)
  • Learned about some new/changed libraries
    • solnlib is now open source!
    • dataclasses are great, JSONWizard is a lifesaver.

Components

  • genedr: Python library for Generic EDR
  • TA-generic_edr: Implements genedr to query and index alerts in Splunk
  • Various libs as seen in pyproject.toml

The Future

Assuming the TA is in working order and pulling in alerts fine...

  • TESTS
  • Packaging build/release (ksconf, slim)

About

A proof-of-concept Technology Add-On for Splunk that queries and indexes alerts from Generic EDR.

Topics

python security splunk logging add-on cim edr splunk-cloud api-client-python notable-events

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Contributors 2

  •  
  •  

Languages