  • danielpwilson

Hunter.io and Splunk

So I've been thinking today about how useful Splunk is on the "blue" side of the house. What about the Purple and Red side? What features would Splunk need to gain to add value to the other 2/3rds of the Security market? SIEM for Redteams?


So I popped on some Pentest training material from The Cyber Mentor (https://www.thecybermentor.com/) and focused on what I could do to make this guy's job easier.


It's far from a "SIEM for Redteams", but I tossed together a Splunk add-on to connect Splunk to Hunter.io. It should help Blue and Red-teamers enrich their events/dashboards/investigations with email addresses.


https://github.com/dpwtheitguy/hunterio_ta


Enjoy!

#email #splunk #hunterio #tcm
