A while back I created a new project that I haven't linked here, called Augmentd (https://augmentd.co/). It's aimed at security engineers and analysts who use common security tools, most notably:

  • Splunk
  • osquery
  • Streamalert
  • ELK
  • Sysmon
  • Sigma

This site is a way for analysts and engineers to share their custom searches, alerts and queries with others, to help improve security for smaller teams that can't afford professional services or a more robust product like Splunk's Enterprise Security. This way, every team can have some baseline searches and alerts to get their security alerting and monitoring programs going.

You can submit new searches, queries and alerts on this page and I will try to review them as quickly as possible to get them onto the site. The hope is that people submit their knowledge of these tools here, so we have a quick place to reference this kind of information without having to spend a large amount of time coming up with new ideas or building the searches and alerts from scratch.

Please send any comments, concerns or questions my way; I'd love any feedback on the tool.