
Anyone prepared to be a reference for sysmon splunk app

Path Finder

Hi,
Our desktop team is looking for a reference company that has rolled out Sysmon under the Splunk UF.
Size: 5000 endpoints
Mix of Windows 7/10
Business has an engineering focus

Would anyone be interested in a quick meeting to see if they have experienced any issues (performance or otherwise)?

Many thanks if willing to help out a fellow Splunker.

Super Champion

On Splunkbase, a search for sysmon gives a lot of results.

Maybe check these two:

Sysmon App for Splunk

Add-on for Microsoft Sysmon

0 Karma

Path Finder

Many thanks.
Yes, rolled out the Add-on but not the Dashboard.
Main purpose is to get input into SES, but will investigate the dashboard.
Also rolled out along with Splunk_TA_windows, TA-Sysmon-deploy, TA_PWChange and a modified System App to blacklist the metrics.log traffic (thought important).

Only rolled out to a handful of systems so far (15).
My company was looking for a similar company that had gone through the install, for reference.

Many thanks.

0 Karma

Super Champion

The first app, Sysmon App for Splunk, is "Splunk AppInspect Passed", so most of the user's requirements should be handled by it, I hope.

As given on the above page:

Feature Request
Submit an issue via repository on Github (or Twitter @m_haggis or @jarrettp)

I am sure most of your requirements should be met by this app, or you can raise a "Feature Request" on that GitHub page.

As you are a new user to Splunk Answers: you can upvote answers/comments, and you can select an answer and "accept" it as the answer, so that this question is moved to the answered queue. Happy Splunking!

0 Karma

Path Finder

Thanks again.
I was really looking for a reference company, but I really appreciate you answering (and will keep asking Splunk for a reference; otherwise I won't be able to roll out to the company).

Note: loaded the Dashboard App (3544).
First thing I noticed on the Status dashboard was that it wasn't using the same name for identifying a Computer:
it uses sysmon | stats count by Computer | sort - count
while the TA uses ComputerName.

So it does not return anything in the search.

Will see if anyone has reported it to GitHub.
Many thanks again.

0 Karma
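The field-name mismatch described in the post above (the dashboard groups by Computer while the add-on extracts ComputerName) is the kind of thing that silently empties a panel rather than erroring. The following search is an added example, not code from the Sysmon App for Splunk or the add-on, showing one way to make the panel work against either field name; it assumes the base search is referenced as sysmon, exactly as quoted in the post, and that events carry at most one of the two fields.

```spl
sysmon
| eval Computer=coalesce(Computer, ComputerName)
| stats count by Computer
| sort - count
```

coalesce() takes the first non-null value, so the panel keeps working if a later app version starts emitting Computer itself. For a fix that applies to every panel without editing each search, the usual alternative is a FIELDALIAS in props.conf for the add-on's Sysmon sourcetype (ComputerName AS Computer), which is a local configuration choice rather than anything the app ships; check what the add-on already aliases before adding one so the two do not conflict.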