Here are some of the custom analytics I have helped to build!

Command Line Account Creation
Sensor Type: GPProcessEvent
$event.type == 1 AND $event.process.name == "/usr/bin/dscl" AND $event.process.commandLine CONTAINS " -create "

Command Line Activit...

This is an example dashboard that I use for Jamf Protect with Splunk! I
know that using Splunk as a SIEM is a standard for most SOCs and the
data was easy to search and create visualizations. Really looking
forward to seeing others' dashboards for inspir...