Splunk Security Content

View on GitHub

Splunk Security Content

Welcome to the Splunk Security Content

This project gives you access to our repository of Analytic Stories that are security guides which provide background on TTPs, mapped to the MITRE framework, the Lockheed Martin Kill Chain, and CIS controls. They include Splunk searches, machine-learning algorithms, and Splunk Phantom playbooks (where available)—all designed to work together to detect, investigate, and respond to threats.

View Our Content

You can review our Analytic Stories by category here, or in our Splunk App.

If you prefer working with the command line, check out our API:

curl -s | jq
  "hello": "welcome to Splunks Research security content api"

Getting Started

Once you’ve installed our app, we recommend using our Analytic Story Execution App (ASX) to execute and schedule all of the detections a story automatically.

Test Out The Detections

The attack_range project allows you to spin up an enviroment and launch attacks against it to test the detections.


If you get stuck or need help with any of our tools, see our support options.

Contribute Content

If you want to help the rest of the security community by sharing your own detections, see our contributor guide. Digital defenders unite!

Content Parts

Content Spec Files