Getting Data In

Windows universal forwarder with a static config for Sysmon logs

ng87
Path Finder

I was hoping someone could help me. We are looking into deploying Sysmon and the Universal Forwarder remotely in very specific circumstances (suspicious activity on a host or by a user, etc.). I am struggling to get the Universal Forwarder set up remotely. Essentially I just need the Universal Forwarder to forward the Sysmon event logs (Microsoft-Windows-Sysmon/Operational), but I need to be able to do this remotely via command line or script.

I came across a Splunk article about setting up the forwarder with a static config, which seemed good, but looking into the config options it doesn't seem to allow you to specify which logs to collect: it gives you the option of the usual Security, System, Application, etc., but doesn't appear to support anything else, unless I'm mistaken?

Otherwise, does anyone know if it's possible to include a config file/parameters within the installer?

1 Solution

SinghK
Builder

You can download the add-on Splunk_TA_windows from Splunkbase and configure it using the documentation available here:

https://splunkbase.splunk.com/app/742/


SinghK
Builder

I have a PowerShell script to remotely install the forwarder and copy Splunk_TA_windows to the apps directory. I can send it over tomorrow.

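The following is an added example of the approach discussed in this thread (remote Universal Forwarder install plus an inputs.conf for the Sysmon channel); it is not SinghK's script or any Splunk-supplied code. It assumes PowerShell remoting is enabled on the target and you are a local administrator there, that the installer paths, receiver address and index name below exist in your environment (all of them are placeholders), and that a Splunk receiver is listening on port 9997. The MSI property names (AGREETOLICENSE, RECEIVING_INDEXER, SPLUNKUSERNAME, SPLUNKPASSWORD) and the Sysmon switches (-accepteula, -i) are the documented ones; the sourcetype is an assumption and should match what the Sysmon add-on on your indexers expects.

```powershell
# Added example, not code from the thread. Placeholder paths/hosts are marked as assumed.
param(
    [Parameter(Mandatory)] [string] $ComputerName,
    [string] $UfMsi        = 'C:\Deploy\splunkforwarder-x64.msi',   # assumed local path
    [string] $SysmonExe    = 'C:\Deploy\Sysmon64.exe',              # assumed local path
    [string] $SysmonConfig = 'C:\Deploy\sysmonconfig.xml',          # assumed local path
    [string] $Receiver     = 'indexer.example.com:9997',            # assumed receiver
    [string] $Index        = 'sysmon',                              # assumed index (must exist on the indexers)
    [pscredential] $UfAdmin = (Get-Credential -Message 'Admin user/password to seed on the forwarder (8+ chars)')
)

$session = New-PSSession -ComputerName $ComputerName

# 1. Stage the installers on the remote host.
Invoke-Command -Session $session { New-Item -ItemType Directory -Path 'C:\Temp\deploy' -Force | Out-Null }
Copy-Item -Path $UfMsi, $SysmonExe, $SysmonConfig -Destination 'C:\Temp\deploy\' -ToSession $session

# The input the MSI's WINEVENTLOG_* properties cannot express: an arbitrary event channel.
$inputsConf = @"
[WinEventLog://Microsoft-Windows-Sysmon/Operational]
disabled = 0
renderXml = true
index = $Index
# sourcetype is assumed here; match what your Sysmon add-on expects
sourcetype = XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
"@

$result = Invoke-Command -Session $session -ArgumentList $Receiver, $UfAdmin, $inputsConf -ScriptBlock {
    param($Receiver, $UfAdmin, $InputsConf)
    $ErrorActionPreference = 'Stop'

    # 2. Install Sysmon with the supplied config; this creates the Operational channel.
    & 'C:\Temp\deploy\Sysmon64.exe' -accepteula -i 'C:\Temp\deploy\sysmonconfig.xml' | Out-Null
    if (-not (Get-WinEvent -ListLog 'Microsoft-Windows-Sysmon/Operational' -ErrorAction SilentlyContinue)) {
        throw 'Sysmon channel not present after install; nothing for the forwarder to read'
    }

    # 3. Silent Universal Forwarder install using the documented MSI properties.
    $msiArgs = @(
        '/i', 'C:\Temp\deploy\splunkforwarder-x64.msi',
        'AGREETOLICENSE=Yes',
        "RECEIVING_INDEXER=`"$Receiver`"",
        "SPLUNKUSERNAME=$($UfAdmin.UserName)",
        "SPLUNKPASSWORD=$($UfAdmin.GetNetworkCredential().Password)",
        '/quiet', '/norestart'
    )
    $p = Start-Process -FilePath msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
    if ($p.ExitCode -ne 0) { throw "msiexec failed with exit code $($p.ExitCode)" }

    # 4. Drop the Sysmon input as its own small app so it survives add-on upgrades.
    $appLocal = 'C:\Program Files\SplunkUniversalForwarder\etc\apps\sysmon_input\local'
    New-Item -ItemType Directory -Path $appLocal -Force | Out-Null
    Set-Content -Path (Join-Path $appLocal 'inputs.conf') -Value $InputsConf -Encoding ASCII

    # 5. Restart the forwarder service so it reads the new inputs.conf, then report.
    Restart-Service -Name SplunkForwarder
    [pscustomobject]@{
        Host     = $env:COMPUTERNAME
        UfStatus = (Get-Service -Name SplunkForwarder).Status
        Inputs   = Get-Content -Path (Join-Path $appLocal 'inputs.conf') -Raw
    }
}

Remove-PSSession $session
$result
```

Two caveats worth keeping in mind: the seeded admin password is passed on the msiexec command line and is briefly visible in the process list on the target, so use a throwaway credential or seed it via a user-seed.conf instead if that matters in your environment; and if more than a handful of hosts are involved, pointing the forwarder at a deployment server (the DEPLOYMENT_SERVER MSI property) and pushing the Sysmon input as a server class is easier to maintain than writing inputs.conf by hand on each host.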

ng87
Path Finder

So you can include the config options your way?


SinghK
Builder

Yes.

