randomuserid/Baltar

Baltar

Searches for Insider Threat Hunting

A set of all known log and/or event data searches for insider threat hunting and detection. It enumerates searches used across many different data pipelines. Implementation details are for ELK using F/OSS (free and open source) primary data pipelines.

This is not a general-purpose threat hunting search set. It is designed for hunting rogue users engaged in data theft and/or fraud. It requires large-scale data collection in order to use supernumerary event types such as file and object access.
