https://community.splunk.com/t5/Getting-Data-In/Monitor-Exe-files/m-p/445014#M77465 <P>Hey Guys,</P> <P>is there a quick and easy way to monitor .exe within the Windows sys32 folder via a stanza ?</P> <P>I need to know if the file is ran / closed / renamed or moved </P> <P>I tried the [monitor] stanza but it looks like that only monitors the file contents i.e. file edits </P> <P>Thank you</P> Wed, 13 Jun 2018 08:55:30 GMT AaronMoorcroft 2018-06-13T08:55:30Z https://community.splunk.com/t5/Getting-Data-In/Monitor-Exe-files/m-p/445014#M77465 <P>Hey Guys,</P> <P>is there a quick and easy way to monitor .exe within the Windows sys32 folder via a stanza ?</P> <P>I need to know if the file is ran / closed / renamed or moved </P> <P>I tried the [monitor] stanza but it looks like that only monitors the file contents i.e. file edits </P> <P>Thank you</P> Wed, 13 Jun 2018 08:55:30 GMT https://community.splunk.com/t5/Getting-Data-In/Monitor-Exe-files/m-p/445014#M77465 AaronMoorcroft 2018-06-13T08:55:30Z https://community.splunk.com/t5/Getting-Data-In/Monitor-Exe-files/m-p/445015#M77466 <P>Probably the security events might help you </P> <P>Reference : <A href="http://docs.splunk.com/Documentation/Splunk/7.1.1/Data/MonitorfilesystemchangesonWindows">http://docs.splunk.com/Documentation/Splunk/7.1.1/Data/MonitorfilesystemchangesonWindows</A></P> Wed, 13 Jun 2018 09:34:18 GMT https://community.splunk.com/t5/Getting-Data-In/Monitor-Exe-files/m-p/445015#M77466 renjith_nair 2018-06-13T09:34:18Z https://community.splunk.com/t5/Getting-Data-In/Monitor-Exe-files/m-p/445016#M77467 <P>Thank you i'll take a look at this option. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Wed, 13 Jun 2018 11:46:48 GMT https://community.splunk.com/t5/Getting-Data-In/Monitor-Exe-files/m-p/445016#M77467 AaronMoorcroft 2018-06-13T11:46:48Z