Hurricane Labs Content+

Hurricane Labs Content+ is a Splunk app that allows for any Splunk Enterprise search head to subscribe to Hurricane Labs’ content repository. This repository contains Enterprise Security correlation searches, tuning macros, and dashboards that we have built and continue to build for ourselves and our customers.

Content is organized into “packages” which each have their own data prerequisites. This allows the app to only deploy content that is relevant to your particular organization (see Compatibility for more info on this).

Each API key has a monthly “quota” that determines how many packages can be installed in a given month. See Quotas for more info.

Check out the Usage section for further information, including how to Requirements the project.

Contents

• Usage
  • Requirements
  • Installation
  • Content Overview
  • Manual Usage
    • Install
    • Check a package’s compatibility
    • Grab the latest version of the Content+ catalog
    • Check your API key’s monthly usage and number of permitted monthly packages
    • Fork a package
• Compatibility
• Quotas