Splunk Enterprise Security
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

sysmon fields mapping to endpoint datamodel

faisalzabd
Engager
‎01-16-2024 11:33 PM

I'm trying to look for refernce or documintation that shows me which fields in sysmon logs should be mapped to which fields in endpoint datamodel.

 

for example Image & ParentImage it should show in which fields from endpoint datamodel since we have multiple fields for processes and parent processes it is confusing.

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎01-17-2024 08:09 AM

The CIM manual should help.  It describes each DM field so you can determine which of the fields in your data map best.  See https://docs.splunk.com/Documentation/CIM/5.3.1/User/Endpoint#Processes

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎01-17-2024 08:09 AM

The CIM manual should help.  It describes each DM field so you can determine which of the fields in your data map best.  See https://docs.splunk.com/Documentation/CIM/5.3.1/User/Endpoint#Processes

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

SOC Modernization: How Automation and Splunk SOAR are Shaping the Next-Gen Security ...

Security automation is no longer a luxury but a necessity. Join us to learn how Splunk ES and SOAR empower ...

Ask It, Fix It: Faster Investigations with AI Assistant in Observability Cloud

  Join us in this Tech Talk and learn about the recently launched AI Assistant in Observability Cloud. With ...

Index This | How many sides does a circle have?

  March 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...
Top