Baltar

Searches for Insider Threat Hunting

A set of all known log and/or event data searches for insider threat hunting and detection. They enumerate sets of searches used across many different data pipelines. Implementation details are given for ELK using F/OSS (free and open source) primary data pipelines.

This is not a general-purpose threat hunting search set. It is designed for hunting rogue users engaged in data theft and/or fraud. It requires large-scale data collection in order to make use of high-volume event types such as file and object access.