https://community.splunk.com/t5/Deployment-Architecture/How-to-see-result-from-CMD-in-Splunk/m-p/707520#M28961 <P>I give you karma for this, i forget my client using Palo Alto to detect it.</P> Tue, 24 Dec 2024 04:30:21 GMT zksvc 2024-12-24T04:30:21Z https://community.splunk.com/t5/Deployment-Architecture/How-to-see-result-from-CMD-in-Splunk/m-p/707258#M28953 <P>Hi Everyone,&nbsp;</P><P>I was create my own lab for learning to configure best practice for Windows.&nbsp;</P><P>Then i create 1 Windows VM and doing scan in local (127.0.0.1) to get any information like port or something else. But unfortunately when it trigger i can't see anything like the result.</P><P>Maybe i need to config something in my Windows or Something ?&nbsp;</P> Thu, 19 Dec 2024 08:19:28 GMT https://community.splunk.com/t5/Deployment-Architecture/How-to-see-result-from-CMD-in-Splunk/m-p/707258#M28953 zksvc 2024-12-19T08:19:28Z https://community.splunk.com/t5/Deployment-Architecture/How-to-see-result-from-CMD-in-Splunk/m-p/707259#M28954 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/269896">@zksvc</a>&nbsp;,</P><P>you have to follow the instructions at&nbsp;<A href="https://docs.splunk.com/Documentation/Splunk/9.3.2/Forwarding/Aboutforwardingandreceivingdata" target="_blank">https://docs.splunk.com/Documentation/Splunk/9.3.2/Forwarding/Aboutforwardingandreceivingdata</A>&nbsp;or&nbsp;<A href="https://docs.splunk.com/Documentation/Splunk/9.3.2/Forwarding/Aboutforwardingandreceivingdata" target="_blank">https://docs.splunk.com/Documentation/Splunk/9.3.2/Forwarding/Aboutforwardingandreceivingdata</A></P><P>there are also many videos to explain this.</P><P>in few words:</P><P>enable Splunk to receive logs,</P><P>install Unioversal Forwarder on the windows system</P><P>install Splunk_TA_Windows on the Universal Forwarder</P><P>enable inputs on the Splunk_TA_Windows</P><P>Ciao.</P><P>Giuseppe</P><P>&nbsp;</P> Thu, 19 Dec 2024 08:38:54 GMT https://community.splunk.com/t5/Deployment-Architecture/How-to-see-result-from-CMD-in-Splunk/m-p/707259#M28954 gcusello 2024-12-19T08:38:54Z https://community.splunk.com/t5/Deployment-Architecture/How-to-see-result-from-CMD-in-Splunk/m-p/707265#M28955 <P>What exactly are you trying to achieve and how are you doing that?</P><P>What you've shown is an event from Windows Security eventlog which is apparently an audit entry informing you that a process has been spawned on a machine. As far as I remember it doesn't capture command's output.</P> Thu, 19 Dec 2024 10:21:52 GMT https://community.splunk.com/t5/Deployment-Architecture/How-to-see-result-from-CMD-in-Splunk/m-p/707265#M28955 PickleRick 2024-12-19T10:21:52Z https://community.splunk.com/t5/Deployment-Architecture/How-to-see-result-from-CMD-in-Splunk/m-p/707354#M28958 <P>Hmm so if one of endpoint got hacked and someone doing running script we cannot collect information from output in cmd/powershell ?</P> Fri, 20 Dec 2024 06:23:36 GMT https://community.splunk.com/t5/Deployment-Architecture/How-to-see-result-from-CMD-in-Splunk/m-p/707354#M28958 zksvc 2024-12-20T06:23:36Z https://community.splunk.com/t5/Deployment-Architecture/How-to-see-result-from-CMD-in-Splunk/m-p/707355#M28959 <P>Already install TA - Windows and restart in UF also installed it in Indexer but why i still cannot read the output ? did i forget to setting something ?&nbsp;</P> Fri, 20 Dec 2024 06:29:29 GMT https://community.splunk.com/t5/Deployment-Architecture/How-to-see-result-from-CMD-in-Splunk/m-p/707355#M28959 zksvc 2024-12-20T06:29:29Z https://community.splunk.com/t5/Deployment-Architecture/How-to-see-result-from-CMD-in-Splunk/m-p/707356#M28960 <P>I'm not aware of any built-in mechanism that allows you to do so. Maybe some external EDR solution captures that but I can't advise any.</P> Fri, 20 Dec 2024 10:39:10 GMT https://community.splunk.com/t5/Deployment-Architecture/How-to-see-result-from-CMD-in-Splunk/m-p/707356#M28960 PickleRick 2024-12-20T10:39:10Z https://community.splunk.com/t5/Deployment-Architecture/How-to-see-result-from-CMD-in-Splunk/m-p/707520#M28961 <P>I give you karma for this, i forget my client using Palo Alto to detect it.</P> Tue, 24 Dec 2024 04:30:21 GMT https://community.splunk.com/t5/Deployment-Architecture/How-to-see-result-from-CMD-in-Splunk/m-p/707520#M28961 zksvc 2024-12-24T04:30:21Z