Splunk Enterprise Security

Windows Data Mapping to the Update Data Model

dokaas_2
Path Finder

I'm in the process of implementing Splunk ES.  We are using the Splunk_TA_windows and use the generate_windows_update_logs.ps1script to generated update log files.  However, that file looks useless in populating the Update data model used in ES. 

Is there another script that will produce suitable output from Windows OS to populate the Update data model that can be used by ES?

 

 

Labels (2)
0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!