Splunk ES Correlation Searches (Rules) Best & Cool Practices

The following document is by far the top accessed resource from my solo business website. Since its first release in late 2020 I’ve received lots of feedback and suggestions.

https://github.com/inodee/threathunting-spl/blob/master/Splunk%20ES%20Correlation%20Searches%20Best%20Practices%20v1.3.pdf

What's it about?

It's a 15-page PDF covering the challenges you encounter when writing or maintaining correlation searches in Splunk's Enterprise…