We have come a short way since the first wave of Sysmon posts on hunting and on building apps for the various log management platforms. In that short span, many ELK and Graylog apps have cropped up. Today, to help those in need on the Splunk side, @jarrettp and I have combined our two Splunk Apps into a single Splunk App for Sysmon. We hope this helps you with visibility and increased threat detection using Splunk and Sysmon.
Sysmon App for Splunk | Splunkbase
In short, this is a combination of my previous blog posts related to hunting with Sysmon and Jarrett’s great Splunk dashboarding. We created an exceptional app that can help you go from zero to 100 overnight.
We broke the app into multiple categories which are showcased by dropdown menus in Splunk.
When you first access the app, you are provided with an overview of your organization. Following the Sysmon Overview we cover:
- Network Activity
- Process Activity
- File Activity
- Registry Overview
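As an added illustration (not a search taken from the app itself), the following SPL shows how those four dashboard categories map onto Sysmon event IDs. It assumes the sourcetype `XmlWinEventLog:Microsoft-Windows-Sysmon/Operational` used by the Splunk Add-on for Microsoft Sysmon and the documented Sysmon event IDs (1 process create, 3 network connection, 11 file create, 12/13/14 registry changes, and so on); adjust the sourcetype if your inputs differ.

```spl
sourcetype="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational"
| eval category=case(
    in(EventCode, "3"),                       "Network Activity",
    in(EventCode, "1", "5", "7", "8", "10"),  "Process Activity",
    in(EventCode, "2", "11", "15"),           "File Activity",
    in(EventCode, "12", "13", "14"),          "Registry Activity",
    true(),                                   "Other")
| stats count by category
| sort -count
```

A per-category count like this is a useful first panel for an overview dashboard: a sudden jump in one bucket (for example registry or network events from a host that normally generates few) is often the first thing worth drilling into from the category-specific views.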
As we continue to improve the app and make things even greater, feel free to contribute or test features out here: