Hello,

After deploying the Splunk Universal Forwarder on a Windows machine, I am observing repeated process creation alerts being triggered by my security monitoring solution. These alerts are specifically related to the following Splunk processes:

splunk-winevtlog.exe
splunk-admon.exe
splunk-powershell.exe
splunk-monitornohandle.exe
splunk-regmon.exe
splunk-netmon

These processes are essential for log collection and monitoring, but the constant alerts are causing noise in our monitoring system. I would appreciate any advice or recommended best practices to handle this issue. Specifically:

Are there standard configurations or exclusions that can be applied to suppress alerts for these legitimate processes?
What steps can be taken to ensure the forwarder operates as intended without raising unnecessary security flags?
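As an added example that is not part of the original post, one way to express the exclusion the question asks about as tuning logic rather than a bare process-name allowlist: the alert is suppressed only when the child's name, its on-disk location and its parent process all match the forwarder, so a binary with the same name dropped elsewhere, or launched by something other than the forwarder service, still alerts. The install path, the parent process name (splunkd.exe) and the Sysmon-style Image/ParentImage field names are assumptions; adjust them to the deployment.

```python
from pathlib import PureWindowsPath

# Child processes named in the post (splunk-netmon is listed there without an
# extension; the .exe suffix is assumed).
FORWARDER_CHILDREN = {
    "splunk-winevtlog.exe", "splunk-admon.exe", "splunk-powershell.exe",
    "splunk-monitornohandle.exe", "splunk-regmon.exe", "splunk-netmon.exe",
}
# Assumed default install directory and parent process; adjust per deployment.
FORWARDER_BIN = PureWindowsPath(r"C:\Program Files\SplunkUniversalForwarder\bin")
FORWARDER_PARENT = "splunkd.exe"


def is_expected_forwarder_child(event: dict) -> bool:
    """True only when name, location and parent all match the forwarder.

    PureWindowsPath compares case-insensitively, so path casing in the
    event does not matter.
    """
    image = PureWindowsPath(event["Image"])
    parent = PureWindowsPath(event["ParentImage"])
    return (
        image.name.lower() in FORWARDER_CHILDREN
        and image.parent == FORWARDER_BIN
        and parent.name.lower() == FORWARDER_PARENT
        and parent.parent == FORWARDER_BIN
    )


def remaining_alerts(events: list[dict]) -> list[dict]:
    """Return the process-creation events that should still raise an alert."""
    return [e for e in events if not is_expected_forwarder_child(e)]


# Constructed sample events using Sysmon-style field names (assumed).
SAMPLE_EVENTS = [
    # Genuine forwarder input spawned by splunkd.exe: suppressed.
    {"Image": r"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe",
     "ParentImage": r"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"},
    # Same file name outside the install directory: still alerts.
    {"Image": r"C:\Users\Public\splunk-regmon.exe",
     "ParentImage": r"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"},
    # Correct location but not started by the forwarder service: still alerts.
    {"Image": r"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for e in remaining_alerts(SAMPLE_EVENTS):
        print("ALERT:", e["Image"], "<-", e["ParentImage"])
```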