Splunk Enterprise Security

Endpoint datamodel

VijaySrrie
Builder

Hi,

For "Endpoint datamodel" with specific to "sysmon" sourcetype, what are all the mandatory fields?

 

 

Labels (1)
0 Karma
1 Solution

venkatasri
SplunkTrust
SplunkTrust

Hi @VijaySrrie 

Splunk Add-On for Microsoft Sysmon | Splunkbase Add-on having CIM mapping for sysmon data, you can find out the extractions by downloading it.

---

An upvote would be appreciated and Accept solution if it helps!

View solution in original post

0 Karma

venkatasri
SplunkTrust
SplunkTrust

Hi @VijaySrrie 

Splunk Add-On for Microsoft Sysmon | Splunkbase Add-on having CIM mapping for sysmon data, you can find out the extractions by downloading it.

---

An upvote would be appreciated and Accept solution if it helps!

0 Karma
Get Updates on the Splunk Community!

Thanks for the Memories! Splunk University, .conf24, and Community Connections

Thank you to everyone in the Splunk Community who joined us for .conf24 – starting with Splunk University and ...

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...