Sysmon Splunk App

Michael Haag
Apr 10, 2017

We have come a short way since the initial wave of Sysmon posts on hunting and app creation across different log management platforms. In that short span, many ELK and Graylog apps have cropped up. Today, to help those on the Splunk side, @jarrettp and I have combined our two Splunk Apps into a single Splunk App for Sysmon. We hope this helps you gain visibility and improve threat detection using Splunk and Sysmon.

In short, this is a combination of my previous blog posts on hunting with Sysmon and Jarrett’s excellent Splunk dashboarding. The result is an app that can help you go from zero to 100 overnight.

We broke the app into multiple categories, each exposed through a dropdown menu in Splunk.

When you first access the app, you are presented with an overview of your organization. Following the Sysmon Overview, the app covers:

  • Network Activity
  • Process Activity
  • File Activity
  • Registry Overview
  • Investigation

Beta/Contribute

As we continue to improve the app, feel free to contribute or test out new features here:

App Walkthrough

Sysmon Overview

Network Overview

Process Overview

Investigator

Process Timeline
