
Anyone prepared to be a reference for sysmon splunk app


Hi,
Our desktop team is looking for a reference company who has rolled out Sysmon under the Splunk UF.
Size: 5000 endpoints
Mix of Windows 7/10
Business has an engineering focus

Would anyone be interested in a quick meeting to see if they have experienced any issues (performance or otherwise)?

Many thanks if you're willing to help out a fellow Splunker.


On Splunkbase, a search for Sysmon gives a lot of results.

Maybe check these two:

Sysmon App for Splunk

Add-on for Microsoft Sysmon

thanks and best regards,

PS - If this or any post helped you in any way, please consider upvoting. Thanks for reading!
0 Karma


Many thanks.
Yes, rolled out the Add-on but not the Dashboard.
Main purpose is to get input into SES, but will investigate the dashboard.
Also rolled out along with Splunk_TA_windows, TA-Sysmon-deploy, TA_PWChange and a modified System App to blacklist the metrics.log traffic (thought important).

Only rolled out to a handful of systems so far (15).
My company was looking for some similar company who had gone through the install, for reference.

Many thanks

0 Karma


The first app, Sysmon App for Splunk, is "Splunk AppInspect Passed", so most of the user's requirements should be handled by this, I hope.

As given on the above page:

Feature Request
Submit an issue via repository on Github (or Twitter @m_haggis or @jarrettp)

I am sure most of your requirements should be met by this app, or you can file a "Feature Request" on that GitHub page.

As you are a new user of Splunk Answers: you can upvote answers/comments, and you can select an answer and "accept" it as the answer, so that this question will be moved to the answered queue. Happy Splunking!

thanks and best regards,

PS - If this or any post helped you in any way, please consider upvoting. Thanks for reading!
0 Karma


Thanks again.
I was really looking for a reference company, but I really appreciate you answering (and will keep asking Splunk for a reference; otherwise I won't be able to roll out to the company).

Note: loaded the Dashboard App (3544).
The first thing I noticed on the Status dashboard was that it wasn't using the same name for identifying a computer:
it uses sysmon | stats count by Computer | sort - count
while the TA uses ComputerName.

So it does not return anything in the search.

Will see if anyone has reported it on GitHub.
Many thanks again

0 Karma
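The field-name mismatch described in the post above (the dashboard groups by Computer while the TA extracts ComputerName) is usually resolved at search time with a field alias rather than by editing the dashboard. The props.conf stanza below is an added example written for this thread, not configuration shipped with either the Sysmon App or the Add-on for Microsoft Sysmon. It assumes the TA names the host field ComputerName, as the poster reports, and that Sysmon events are indexed under the sourcetype shown, which is an assumption to confirm in your own environment (run "| stats count by sourcetype" over the Sysmon index first); the alias class name sysmon_computer is arbitrary.

```ini
# props.conf on the search head (e.g. $SPLUNK_HOME/etc/apps/<your_app>/local/)
# Added example, not part of the add-on. Sourcetype is assumed; verify it.
[XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]
# Search-time alias: expose the TA's ComputerName field under the name Computer,
# so a search such as "... | stats count by Computer" populates. The original
# ComputerName field remains available, so existing searches keep working.
FIELDALIAS-sysmon_computer = ComputerName AS Computer
```

Aliases apply at search time, so no re-indexing is needed; a restart of the search head (or a debug/refresh) picks up the change. For a one-off check without touching configuration, the same result comes from the search itself, e.g. "... | eval Computer=coalesce(Computer, ComputerName) | stats count by Computer | sort - count", which is also a quick way to confirm that the missing results really are caused by the field name and not by the index or sourcetype the dashboard is searching.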