Many thanks
yes rolled out the Add-on but not the Dashboard
mai purpose is to get input into SES, but will investiagte the dashboard
Also rolled out along with Splunk_TA_windows , TA-Sysmon-deploy, TA_PWChange and a modified System App to blacklist the metrics.log traffic (thought important)

only rolled out to a handfull of systems so far (15),
My company was looking for some similar company who had gone through the install, for reference

many thanks

the first app, Sysmon App for Splunk, is a "Splunk AppInspect Passed".. so, most of the user's requirements should be handled on this i hope.
https://splunkbase.splunk.com/app/3544/

as given on this above page -

Feature Request
Submit an issue via repository on Github (https://github.com/MHaggis/sysmon-splunk-app) or Twitter @m_haggis or @jarrettp

Support
Submit an issue via repository on Github - https://github.com/MHaggis/sysmon-splunk-app

i am sure, most of your requirements should be met by this app, or you can request a "Feature Requst" on that github page.

As you are a new user to Splunk Answers, you can upvote the answers/comments, you can select an answer and "accept" it as the answer, so that this question will be moved to answered queue. Happy Splunking!

thanks Again
I was really looking for a reference company , but I really appreciate you answering (and will keep asking splunk for a reference otherwise wont be able to role out to the company)

Note loaded the Dashboard App(3544)
first thing I noticed on the Status dashboard was it wasn't using the same name for identifing a Computer
it uses sysmon | stats count by Computer | sort - count
While the TA uses ComputerName

So doesnot return anything in the search

Will see if anyone has reported to github
Many thanks again