Investigations can be time-sensitive and complex. Having a set of ready-to-use queries helps me quickly filter through large volumes of data to identify suspicious activities and potential threats. This cheat sheet is meant to speed up that process and reduce the guesswork when searching through logs.
What You’ll Find in the Cheat Sheet:
- Queries to detect unusual process executions
- Searches for network anomalies
- Checks for file changes that might indicate compromise
- Queries focused on spotting abnormal user behavior
Each query is practical and designed to cover common real-world scenarios that analysts encounter daily.
How You Can Use It:
Whether you’re a SOC analyst, threat hunter, or security enthusiast, this cheat sheet can be a handy reference to keep on hand during investigations. Use it as a starting point and customize the queries to fit your environment’s data sources and field names.
Where to Access the Cheat Sheet:
You can find the full cheat sheet and explore the repository here:
https://github.com/lucsemassa/splunk_threat_hunting
Feel free to use it, share it, and contribute if you want to improve or add more queries!