Hey Guys,
Is there a quick and easy way to monitor an .exe within the Windows sys32 folder via a stanza?
I need to know if the file is run / closed / renamed or moved.
I tried the [monitor] stanza, but it looks like that only monitors the file contents, i.e. file edits.
Thank you
Probably the security events might help you.
Reference: http://docs.splunk.com/Documentation/Splunk/7.1.1/Data/MonitorfilesystemchangesonWindows
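A sketch of the Security event log approach the answer points to, added here as an example and not taken from the original posts or the linked documentation. It assumes Windows auditing is already configured as noted in the comments; the choice of event IDs is an assumption about what covers run / close / rename / move.

```ini
# inputs.conf on the Windows forwarder (added example)
#
# Prerequisites outside Splunk (assumed to be in place):
#   - Audit policy subcategories "File System", "Process Creation" and
#     "Process Termination" enabled for Success
#   - An auditing entry (SACL) set on the target .exe so that file
#     access to it is written to the Security log

[WinEventLog://Security]
disabled = 0
# Read only events generated after the input starts
current_only = 1
# 4688  a new process has been created (the file was run)
# 4689  a process has exited (closed)
# 4656  a handle to an object was requested
# 4663  an attempt was made to access an object
#       (a rename or move typically appears with DELETE access)
# 4660  an object was deleted
whitelist = 4656,4660,4663,4688,4689
```

At search time, narrow the results to the executable by matching its path in the Object Name (file events) or New Process Name (process events) value of each event.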
Thank you, I'll take a look at this option. 🙂