Skip to content

ajackal/splunk

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits

IR-triage_compatible.ps1

IR-triage_compatible.ps1

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Splunk-HTTP-Collector.ps1

Splunk-HTTP-Collector.ps1

 
 

inputs.conf

inputs.conf

 
 

splunk-script.ps1

splunk-script.ps1

 
 

Repository files navigation

Splunk>

Splunk HTTP Event Collector

Splunk_HTTP_Collector.ps1

A PowerShell script that uses a REST API to POST data to a Splunk server with the HTTP Event Collector service enabled. Formatting the JSON properly is critical for Splunk to accept the POST and parse the JSON properly.

Splunk Install Script

splunk-script.ps1

A PowerShell script to download a Splunk Universal Forwarder from a remote server, install, configure and then remove the installation pacakge from the system. TODO: add error handling and messaging to a Splunk HTTP Event Collector.

Splunk Inputs Configuration

inputs.conf

The Splunk inputs.conf file modified to collect PowerShell/Operational and Sysmon/Operational logs. Needs to be modified from the $SPLUNK_HOME/etc/system/local directory.

About

Splunk scripts and config files.

Topics

splunk powershell powershell-script

Resources

Readme

License

GPL-3.0 license
Activity

Stars

5 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages