Our desktop team is looking for a reference company that has rolled out Sysmon under the Splunk UF.
Size: 5000 endpoints
Mix of Windows 7/10
Business has an engineering focus
Would anyone be interested in a quick meeting to see if they have experienced any issues (performance or otherwise)?
Many thanks if you are willing to help out a fellow Splunker.
Yes, rolled out the Add-on but not the Dashboard.
Main purpose is to get input into SES, but will investigate the dashboard.
Also rolled out along with Splunk_TA_windows, TA-Sysmon-deploy, TA_PWChange and a modified System App to blacklist the metrics.log traffic (thought important).
Only rolled out to a handful of systems so far (15).
My company was looking for a similar company who had gone through the install, for reference.
The first app, Sysmon App for Splunk, is "Splunk AppInspect Passed", so most of the user's requirements should be handled by this, I hope.
As given on the above page:
Submit an issue via the repository on GitHub (https://github.com/MHaggis/sysmon-splunk-app) or Twitter @m_haggis or @jarrettp
I am sure most of your requirements should be met by this app, or you can raise a "Feature Request" on that GitHub page.
As you are a new user to Splunk Answers: you can upvote the answers/comments, and you can select an answer and "accept" it so that this question is moved to the answered queue. Happy Splunking!
I was really looking for a reference company, but I really appreciate you answering (and will keep asking Splunk for a reference; otherwise I won't be able to roll out to the company).
Note: loaded the Dashboard App (3544).
The first thing I noticed on the Status dashboard was that it wasn't using the same name for identifying a Computer:
sysmon | stats count by Computer | sort - count
while the TA uses ComputerName,
so it does not return anything in the search.
Will see if anyone has reported this to GitHub.
Many thanks again.
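One way to reconcile the field-name mismatch described above without editing the dashboard, as an added example that is not part of the thread or of either app: a search-time field alias in props.conf on the search head, so events the TA extracts as ComputerName also answer to Computer. The sourcetype name below is an assumption; check what your Sysmon events actually arrive as before applying it.

```ini
# Added example (not from the Sysmon App or TA): alias the TA's field so the
# Sysmon App's "stats count by Computer" searches match the same events.
# ASSUMPTION: Sysmon events are indexed under this sourcetype; confirm with
#   | metadata type=sourcetypes index=<your_sysmon_index>
# and adjust the stanza header if yours differs.
[XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]
# FIELDALIAS-<class> = <existing_field> AS <alias>; the original field is kept.
FIELDALIAS-computer_for_sysmon_app = ComputerName AS Computer
```

Field aliases are applied at search time, so no re-indexing is needed; deploy the stanza to the search head (or the app's local/ directory) and re-run the Status dashboard.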