📚-Splunk Detection Library

This section showcases a curated collection of Splunk queries I’ve developed during my time as a Security Analyst. Each query reflects real-world use cases across different domains such as authentication, endpoint activity, and email security. These detections were designed to support threat hunting, incident response, and proactive defense operations.

Explore the categories below:

🔐-User Authentication & Access Monitoring

💻-Remote Access & VPN Monitoring

📬-Email Security Monitoring

📻-Endpoint & Asset Security

🔗-Network & File Transfer Monitoring