MITRE has just published the JSON results of its EDR evaluations simulating APT29. Once again, however, the structure of the files makes them difficult to Splunk. Use this Python script for easier Splunking.
$ python transpose_mitre_eval_apt29.py file.json > file_for_splunk.json