Splunk Enterprise Security

Remote Registry Key modifications

vietlq414
Explorer

It currently monitors filesystem changes and to make adjustments to that I modify an inputs.conf file under deployment_apps. I want to add windows registry monitoring. I don't understand what is registry path in search "*datamodel=Endpoint.Registry where Registry.registry_path="\\*" *". When I remote modify with REGEDIT and monitor with Sysmon, its does not return any path like that.
Thanks,

Get Updates on the Splunk Community!

Developer Spotlight with Brett Adams

In our third Spotlight feature, we're excited to shine a light on Brett—a Splunk consultant, innovative ...

Index This | What can you do to make 55,555 equal 500?

April 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...