Correlation Rules Runner

Correlation Rules Runner is a utility script that runs all, or a selected/filtered subset, of the Splunk Enterprise Security correlation rules to see whether they return hits. The rules are run one at a time, each with its currently configured time window. A correlation rule configured with a realtime time window (e.g. rt-5m) is run as a normal, non-realtime search over the same time span.
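The sketch below is an added illustration of the window handling described above, not code from the Correlation Rules Runner project. It assumes correlation rules are the savedsearches.conf stanzas with action.correlationsearch.enabled = 1, that a realtime modifier maps to a normal one by dropping its rt prefix, and that filtering is a glob on the rule name; the function names and the sample stanzas are hypothetical.

```python
import configparser
import fnmatch
import re

# Constructed savedsearches.conf excerpt; rule names and searches are made up.
SAMPLE_CONF = """
[Example - Realtime Window - Rule]
action.correlationsearch.enabled = 1
dispatch.earliest_time = rt-5m
dispatch.latest_time = rt
search = index=main sourcetype=example_a

[Example - Scheduled Window - Rule]
action.correlationsearch.enabled = 1
dispatch.earliest_time = -24h@h
dispatch.latest_time = now
search = index=main sourcetype=example_b

[Example - Plain Report]
dispatch.earliest_time = -7d
search = index=main | stats count
"""

# Realtime modifiers: "rt", "rtnow", or "rt" followed by an offset or snap (rt-5m, rt@m).
REALTIME = re.compile(r"^rt(now$|(?=[-+@])|$)")

def to_historical(modifier):
    """Return the non-realtime equivalent of a Splunk time modifier."""
    modifier = modifier.strip()
    if not REALTIME.match(modifier):
        return modifier  # already a normal window, keep as configured
    rest = modifier[2:]
    return "now" if rest in ("", "now") else rest

def plan_runs(conf_text, name_filter="*"):
    """List enabled correlation rules matching name_filter, with runnable windows."""
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False)
    cp.read_string(conf_text)
    plan = []
    for name in cp.sections():
        if cp.get(name, "action.correlationsearch.enabled", fallback="0") != "1":
            continue  # ordinary report, not a correlation rule
        if not fnmatch.fnmatchcase(name, name_filter):
            continue
        earliest = cp.get(name, "dispatch.earliest_time", fallback="")
        latest = cp.get(name, "dispatch.latest_time", fallback="")
        plan.append({"name": name, "search": cp.get(name, "search", fallback=""),
                     "earliest": to_historical(earliest), "latest": to_historical(latest),
                     "was_realtime": bool(REALTIME.match(earliest.strip()))})
    return plan
```

Each entry of the returned plan can then be dispatched as one ordinary search, one rule at a time, and its result count checked for hits.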

See on GitHub