So I've been thinking today about how useful Splunk is on the "blue" side of the house. What about the Purple and Red sides? What features would Splunk need to gain to add value to the other 2/3rds of the Security market? SIEM for Redteams?
So I popped on some Pentest training material from The Cyber Mentor (https://www.thecybermentor.com/) and focused on what I could do to make this guy's job easier.
It's far from a "SIEM for Redteams", but I tossed together a Splunk add-on to connect Splunk to Hunter IO. It should help Blue and Red-teamers enrich their events/dashboards/investigations with email addresses.