Note
Looking to migrate from an earlier release to the new contentctl v5+ ? Check out our migration guide here.
contentctl is a tool developed by the Splunk Threat Research Team to help with managing the content living in splunk/security_content and producing the Enterprise Security Content Update app for Splunk. While its development is largely driven by STRT's needs, it has been somewhat genericized and can be used by customers and partners to package their own content. Simply put, contentctl is the workhorse that packages detections, macros, lookups, dashboards into a Splunk app that you can use, and that understands the YAML structure and project layout we've selected to keep development clean.
Check out our User Guide to get started!
Read more about how contentctl can help test and validate your content in a real Splunk instance here.
Already using contentctl, or looking to get started with it already configured in GitHub Actions? Our guide includes workflows to help you build and test your app.
Read the Contribution Guidelines for this project before opening a Pull Request.
| Project | Description |
|---|---|
| Splunk Security Content | Splunk Threat Research Team's Content included in the Enterprise Security Content Update App (ESCU) |
| Splunk Attack Range | Easily deploy a preconfigured Splunk Environment locally or on AWS containing a Splunk Instance, Windows and Linux Machines, and Attacker Tools like Kali Linux. Automatically simulate attacks or run your own |
| Splunk Attack Data | Repository of Attack Simulation Data for writing and Testing Detections |
| Splunk contentctl | Generate, validate, build, test, and deploy custom Security Content |
| SigmaHQ Sigma Rules | Official Repository for Sigma Rules. These rules are an excellent starting point for new content. |
| PurpleSharp Attack Simulation | Open source adversary simulation tool for Windows Active Directory environments (integrated into Attack Range) |
| Red Canary Atomic Red Team | Library of attack simulations mapped to the MITRE ATT&CK® framework (integrated into Attack Range) |
Copyright 2023 Splunk Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.