https://community.splunk.com/t5/Splunk-Search/Heavy-forwarder-and-sysmon/m-p/560731#M159376 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/222747">@verifi81</a>&nbsp;sysmon settings have been shared here FYI -&nbsp;<A href="https://community.splunk.com/t5/Getting-Data-In/Connectivity-issues/m-p/560318/highlight/true#M92616" target="_blank">Solved: Re: Connectivity issues - Splunk Community</A></P><P>--</P><P>An upvote would be appreciated if this reply helps!</P> Mon, 26 Jul 2021 04:44:38 GMT venkatasri 2021-07-26T04:44:38Z https://community.splunk.com/t5/Splunk-Search/Heavy-forwarder-and-sysmon/m-p/560729#M159374 <P>Hello friends,</P><P>&nbsp;</P><P>Suppose I install Microsoft Sysmon on a Windows server.&nbsp;&nbsp;</P><P>I then go install the Universal Forwarder on the Windows server with the default settings.&nbsp; A deployment server is in the mix too if that matters.&nbsp;&nbsp;</P><P>My question is this.&nbsp; Will the Universal Forwarder know to pick up the Syslog events if using all default settings? Is that defined on the Deployment server?</P> Mon, 26 Jul 2021 04:23:46 GMT https://community.splunk.com/t5/Splunk-Search/Heavy-forwarder-and-sysmon/m-p/560729#M159374 verifi81 2021-07-26T04:23:46Z https://community.splunk.com/t5/Splunk-Search/Heavy-forwarder-and-sysmon/m-p/560730#M159375 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/222747">@verifi81</a>&nbsp;</P><P>By default add-on having sysmon events disabled you shall deploy it UF either via DeploymentServer (DS) having it enabled.&nbsp; DS doesn't define anything it's the admin who supposed to enable it and put it on DS then whitelist the add-on to get deployed to UF that you wish to.</P><P>--</P><P>An upvote would be appreciated and Accept the solution if this reply helps!</P> Mon, 26 Jul 2021 04:39:09 GMT https://community.splunk.com/t5/Splunk-Search/Heavy-forwarder-and-sysmon/m-p/560730#M159375 venkatasri 2021-07-26T04:39:09Z https://community.splunk.com/t5/Splunk-Search/Heavy-forwarder-and-sysmon/m-p/560731#M159376 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/222747">@verifi81</a>&nbsp;sysmon settings have been shared here FYI -&nbsp;<A href="https://community.splunk.com/t5/Getting-Data-In/Connectivity-issues/m-p/560318/highlight/true#M92616" target="_blank">Solved: Re: Connectivity issues - Splunk Community</A></P><P>--</P><P>An upvote would be appreciated if this reply helps!</P> Mon, 26 Jul 2021 04:44:38 GMT https://community.splunk.com/t5/Splunk-Search/Heavy-forwarder-and-sysmon/m-p/560731#M159376 venkatasri 2021-07-26T04:44:38Z