Command reference

Search the live database for syntax, tools, use cases, tags, MITRE context, and safe lab-ready command examples.

140 results
GRC | Advanced | Premium
ISO 27001:2022 implementation roadmap — from gap analysis to certification
Conduct Gap Analysis → Map Controls → Implement ISMS → Internal Audit → Certification Audit
Tags: iso27001 isms certification compliance grc
Category: ISO 27001 / ISO 27001

GRC | Intermediate | Free
NIST Cybersecurity Framework 2.0 core functions and implementation workflow
IDENTIFY → PROTECT → DETECT → RESPOND → RECOVER
Tags: nist csf framework governance risk
Category: NIST CSF / NIST

GRC | Intermediate | Free
Quantitative risk scoring formula for information security risk assessments
Risk Score = Likelihood × Impact | Residual Risk = Inherent Risk − Control Effectiveness
Tags: risk assessment cia iso27001 grc
Category: Risk Assessment / Risk Assessment

GRC | Intermediate | Free
Linux Audit Framework — report failed logins and root activity for today
aureport --login --start today --end now | grep -E "(failed|root)"
Tags: audit aureport auditd compliance logging
Category: Audit CLI / Audit Procedures

Defensive | Intermediate | Free
Find repeated authentication failures by source and user.
index=security sourcetype=auth action=failure | stats count by src_ip user | sort -count
Tags: splunk threat-hunting expanded-library
Category: Splunk / Threat Hunting

Defensive | Intermediate | Free
Baseline Windows process creation pairs.
index=windows EventCode=4688 | stats count by New_Process_Name Parent_Process_Name | sort -count
Tags: splunk threat-hunting expanded-library
Category: Splunk / Threat Hunting

Defensive | Intermediate | Free
Hunt for suspicious DNS queries to abused file extensions.
index=dns query="*.zip" OR query="*.mov" | stats count by src_ip query
Tags: splunk threat-hunting expanded-library
Category: Splunk / Threat Hunting

Defensive | Intermediate | Free
Review large outbound web transfers.
index=proxy status=200 bytes_out>5000000 | table _time src_ip user url bytes_out
Tags: splunk threat-hunting expanded-library
Category: Splunk / Threat Hunting

Defensive | Intermediate | Free
Find PowerShell encoded command usage.
index=edr process_name=powershell.exe | search command_line="*EncodedCommand*"
Tags: splunk threat-hunting expanded-library
Category: Splunk / Threat Hunting

Defensive | Intermediate | Free
Identify users authenticating from multiple source locations.
index=vpn action=success | stats dc(src_ip) as locations by user | where locations > 2
Tags: splunk threat-hunting expanded-library
Category: Splunk / Threat Hunting

Defensive | Intermediate | Free
Hunt failed cloud console logons.
index=cloud eventName=ConsoleLogin responseElements.ConsoleLogin=Failure | stats count by sourceIPAddress userIdentity.arn
Tags: splunk threat-hunting expanded-library
Category: Splunk / Threat Hunting

Defensive | Intermediate | Free
Summarize phishing verdicts by sender and recipient.
index=email verdict=phish | stats count by sender recipient subject
Tags: splunk threat-hunting expanded-library
Category: Splunk / Threat Hunting