Solved: sysmon fields mapping to endpoint datamodel

faisalzabd · ‎01-16-2024

I'm trying to look for refernce or documintation that shows me which fields in sysmon logs should be mapped to which fields in endpoint datamodel.

for example Image & ParentImage it should show in which fields from endpoint datamodel since we have multiple fields for processes and parent processes it is confusing.

richgalloway · ‎01-17-2024

The CIM manual should help. It describes each DM field so you can determine which of the fields in your data map best. See https://docs.splunk.com/Documentation/CIM/5.3.1/User/Endpoint#Processes

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎01-17-2024

The CIM manual should help. It describes each DM field so you can determine which of the fields in your data map best. See https://docs.splunk.com/Documentation/CIM/5.3.1/User/Endpoint#Processes

---
If this reply helps you, Karma would be appreciated.

sysmon fields mapping to endpoint datamodel

troubleshooting

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

sysmon fields mapping to endpoint datamodel

troubleshooting

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!