splunk sysmon events

This page summarizes the projects mentioned and recommended in the original post on /r/Splunk

Our great sponsors
  • WorkOS - The modern API for authentication & user identity.
  • LearnThisRepo.com - Learn 300+ open source libraries for free using AI.
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • sysmon-config

    Sysmon configuration file template with default high-quality event tracing

    Yes absolutely. This is a very common workflow for both. One note is that you need to also find a sysmon config to use as well, and there's no easy way to manage either sysmon or its config through Splunk. Recommendations for a config are either SwiftOnSecurity's or Olaf's SysmonModular. They significantly overlap and work with each other on patches. SwiftOnSecurity's is a better pure drop-in, and Olaf's is better if you want to do customization.

  • sysmon-modular

    A repository of sysmon configuration modules

    Yes absolutely. This is a very common workflow for both. One note is that you need to also find a sysmon config to use as well, and there's no easy way to manage either sysmon or its config through Splunk. Recommendations for a config are either SwiftOnSecurity's or Olaf's SysmonModular. They significantly overlap and work with each other on patches. SwiftOnSecurity's is a better pure drop-in, and Olaf's is better if you want to do customization.

  • WorkOS

    The modern API for authentication & user identity. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts