Skip to content

AITK? #3911

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
patel-bhavin wants to merge 5 commits into
base: develop
Choose a base branch
from
+10 −9
Draft

AITK? #3911

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
5678c18
aitk
patel-bhavin Feb 18, 2026
e2dacad
test detection
patel-bhavin Feb 18, 2026
4f1d8a4
Merge branch 'develop' into mltk
ljstella Feb 18, 2026
6c0a498
Merge branch 'develop' into mltk
patel-bhavin Feb 23, 2026
e1b99a6
Merge branch 'develop' into mltk
patel-bhavin Feb 26, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions contentctl.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -171,11 +171,11 @@ apps:
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-add-on-for-microsoft-office-365_510.tgz
- uid: 2890
title: Splunk Machine Learning Toolkit
title: Splunk AI Toolkit
appid: SPLUNK_MACHINE_LEARNING_TOOLKIT
version: 5.5.0
description: description of app
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-machine-learning-toolkit_550.tgz
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-ai-toolkit_570.tgz
- uid: 5518
title: Splunk add on for Microsoft Defender Advanced Hunting
appid: SPLUNK_ADD_ON_FOR_MICROSOFT_DEFENDER_ADVANCED_HUNTING
Expand Down Expand Up @@ -209,9 +209,9 @@ apps:
- uid: 2882
title: Python for Scientific Computing (for Linux 64-bit)
appid: Splunk_SA_Scientific_Python_linux_x86_64
version: 4.2.2
version: 4.3.0
description: PSC for MLTK
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/python-for-scientific-computing-for-linux-64-bit_422.tgz
hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/python-for-scientific-computing-for-linux-64-bit_430.tgz
- uid: 6254
title: Splunk Add-on for Github
appid: Splunk_TA_github
Expand Down
11 changes: 6 additions & 5 deletions detections/endpoint/potentially_malicious_code_on_commandline.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,8 +47,9 @@ tags:
- Splunk Cloud
security_domain: endpoint
tests:
- name: True Positive Test
attack_data:
- data: https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1059.001/malicious_cmd_line_samples/windows-sysmon.log
source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
sourcetype: XmlWinEventLog
- name: True Positive Test
attack_data:
- data: https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1059.001/malicious_cmd_line_samples/windows-sysmon.log
source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
sourcetype: XmlWinEventLog

Loading