
Anyone prepared to be a reference for sysmon splunk app

jonxilinx
Explorer

Hi,
Our desktop team is looking for a reference company that has rolled out Sysmon under the Splunk UF.
Size: 5000 endpoints
Mix of Windows 7/10
Business has an engineering focus

Would anyone be interested in a quick meeting to see if they have experienced any issues (performance or otherwise)?

Many thanks if you are willing to help out a fellow Splunker.

inventsekar
Super Champion

Hi,
On Splunkbase, a search for sysmon gives a lot of results.

Maybe check these two:

Sysmon App for Splunk
https://splunkbase.splunk.com/app/3544/

Add-on for Microsoft Sysmon
https://splunkbase.splunk.com/app/1914/

0 Karma

jonxilinx
Explorer

Many thanks.
Yes, rolled out the Add-on but not the Dashboard.
Main purpose is to get input into SES, but will investigate the dashboard.
Also rolled out along with Splunk_TA_windows, TA-Sysmon-deploy, TA_PWChange and a modified System App to blacklist the metrics.log traffic (thought important).

Only rolled out to a handful of systems so far (15).
My company was looking for a similar company that had gone through the install, for reference.

Many thanks.

0 Karma

inventsekar
Super Champion

The first app, Sysmon App for Splunk, is "Splunk AppInspect Passed", so most of the user's requirements should be handled by this, I hope.
https://splunkbase.splunk.com/app/3544/

As given on the above page:

Feature Request
Submit an issue via repository on Github (https://github.com/MHaggis/sysmon-splunk-app) or Twitter @m_haggis or @jarrettp

Support
Submit an issue via repository on Github - https://github.com/MHaggis/sysmon-splunk-app

I am sure most of your requirements should be met by this app, or you can submit a "Feature Request" on that GitHub page.

As you are a new user to Splunk Answers, you can upvote the answers/comments, and you can select an answer and "accept" it as the answer so that this question will be moved to the answered queue. Happy Splunking!

0 Karma

jonxilinx
Explorer

Thanks again.
I was really looking for a reference company, but I really appreciate you answering (and will keep asking Splunk for a reference; otherwise I won't be able to roll out to the company).

Note: loaded the Dashboard App (3544).
The first thing I noticed on the Status dashboard was that it wasn't using the same name for identifying a computer:
it uses sysmon | stats count by Computer | sort - count
while the TA uses ComputerName.

So it does not return anything in the search.

Will see if anyone has reported it to GitHub.
Many thanks again.

0 Karma
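An added example, not part of the thread and not code from the Sysmon App or the Add-on: a search that tolerates the field-name mismatch described above by using whichever of Computer or ComputerName the events carry (falling back to the host field), so the per-endpoint count is never empty just because one app's field name differs from the other's. The index name windows and the sourcetype value are assumptions; substitute the ones your Add-on inputs actually write to.

```spl
index=windows sourcetype="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational"
| eval host_name=coalesce(Computer, ComputerName, host)
| stats count AS event_count, dc(EventCode) AS distinct_event_ids, max(_time) AS last_seen BY host_name
| sort - event_count
| convert ctime(last_seen)
```

The eval line is the whole fix: coalesce() returns the first non-null argument, so an event extracted by the Add-on (ComputerName) and an event extracted by the app's own props (Computer) land in the same host_name bucket. The extra columns are a useful rollout health check for a pilot of 15 hosts: an endpoint with a very low event_count or a stale last_seen is one where the Sysmon service or the UF input is probably not running. If you would rather leave the app's dashboards untouched, the equivalent durable fix is a field alias on the search head in props.conf for that sourcetype, FIELDALIAS-computer = ComputerName AS Computer, which makes the dashboard's stats count by Computer work as shipped.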