Splunk® Supported Add-ons

Splunk Add-on for Sysmon for Linux

Release notes for the Splunk Add-on for Sysmon for Linux

Version 1.0.0 of the Splunk Add-on for Sysmon for Linux was released on October 24, 2022.

Compatibility

Version 1.0.0 of the Splunk Add-on for Sysmon for Linux is compatible with the following software, CIM versions, and platforms:

Splunk platform versions: 8.1, 8.2 and later
CIM: 5.0 and later
Supported OS for data collection: platform independent
Vendor products: Sysmon for Linux v1.0.2


New features

Sysmon for Linux writes its events to both /var/log/syslog and journald. Because the same events appear in both locations, monitoring both of them ingests every event twice; if you already monitor either location, check for duplicates before enabling the other. The add-on collects Sysmon for Linux events from journald only and filters out events that did not come from Sysmon.
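The duplication described above is easy to see on sample data. The following Python script is an added example, not part of the add-on or of Splunk's documentation: it parses a few constructed syslog lines and journald JSON records (the shape produced by journalctl -o json), keeps only the records whose syslog identifier is sysmon and whose body is a Sysmon XML event (both assumed conventions, not taken from this page), and reports which events would be ingested twice if both sources were monitored.

```python
"""Filter Sysmon for Linux events out of syslog and journald records and
flag events that would be ingested twice when both sources are monitored.
Added example with constructed sample data; not the add-on's own code."""
import json
import re

# Assumed conventions: Sysmon for Linux logs with the syslog identifier
# "sysmon" and the message body is an XML <Event> document.
SYSMON_IDENTIFIER = "sysmon"

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<ident>[^\s\[:]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
EVENT_ID_RE = re.compile(r"<EventID>(\d+)</EventID>")

EVENT_1 = ('<Event><System><Provider Name="Linux-Sysmon"/><EventID>1</EventID></System>'
           '<EventData><Data Name="Image">/usr/bin/curl</Data></EventData></Event>')
EVENT_3 = ('<Event><System><Provider Name="Linux-Sysmon"/><EventID>3</EventID></System>'
           '<EventData><Data Name="DestinationIp">10.0.0.9</Data></EventData></Event>')
EVENT_11 = ('<Event><System><Provider Name="Linux-Sysmon"/><EventID>11</EventID></System>'
            '<EventData><Data Name="TargetFilename">/tmp/x</Data></EventData></Event>')

# Constructed sample input: two Sysmon events present in both sources, one
# unrelated sshd event in each source, and one Sysmon event only in journald.
SYSLOG_LINES = [
    "Oct 24 10:00:01 host1 sysmon: " + EVENT_1,
    "Oct 24 10:00:02 host1 sshd[1234]: Accepted publickey for alice from 10.0.0.5 port 50000 ssh2",
    "Oct 24 10:00:03 host1 sysmon: " + EVENT_3,
]
JOURNALD_ENTRIES = [
    json.dumps({"SYSLOG_IDENTIFIER": "sysmon", "_HOSTNAME": "host1", "MESSAGE": EVENT_1}),
    json.dumps({"SYSLOG_IDENTIFIER": "sshd", "_HOSTNAME": "host1",
                "MESSAGE": "Accepted publickey for alice from 10.0.0.5 port 50000 ssh2"}),
    json.dumps({"SYSLOG_IDENTIFIER": "sysmon", "_HOSTNAME": "host1", "MESSAGE": EVENT_3}),
    json.dumps({"SYSLOG_IDENTIFIER": "sysmon", "_HOSTNAME": "host1", "MESSAGE": EVENT_11}),
]


def parse_syslog(line):
    """Split a classic syslog line into host, identifier and message; None if unparseable."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    return {"source": "syslog", "host": m["host"], "ident": m["ident"], "msg": m["msg"]}


def parse_journald(entry):
    """Extract the same three fields from a journalctl -o json record."""
    d = json.loads(entry)
    return {"source": "journald", "host": d.get("_HOSTNAME", ""),
            "ident": d.get("SYSLOG_IDENTIFIER", ""), "msg": d.get("MESSAGE", "")}


def is_sysmon(rec):
    """Keep only Sysmon-originated XML events; drop everything else (as the add-on does)."""
    return rec is not None and rec["ident"] == SYSMON_IDENTIFIER and rec["msg"].startswith("<Event>")


def event_id(rec):
    m = EVENT_ID_RE.search(rec["msg"])
    return int(m.group(1)) if m else None


def analyse(syslog_lines, journald_entries):
    """Count Sysmon events per source and the events that both sources carry."""
    syslog_events = [r for r in map(parse_syslog, syslog_lines) if is_sysmon(r)]
    journal_events = [r for r in map(parse_journald, journald_entries) if is_sysmon(r)]
    # Host plus full message body identifies one event independent of source.
    key = lambda r: (r["host"], r["msg"])
    dup_keys = {key(r) for r in syslog_events} & {key(r) for r in journal_events}
    return {
        "syslog_sysmon": len(syslog_events),
        "journald_sysmon": len(journal_events),
        "duplicates": len(dup_keys),
        "event_ids": sorted(event_id(r) for r in journal_events),
    }


if __name__ == "__main__":
    result = analyse(SYSLOG_LINES, JOURNALD_ENTRIES)
    print(f"{result['duplicates']} event(s) would be ingested twice; "
          f"journald alone carries Sysmon event IDs {result['event_ids']}")
```

Monitoring only journald, as the add-on does, keeps every Sysmon event (including the one that the constructed syslog sample does not carry) without the double ingestion; if a syslog monitor input already covers /var/log/syslog, the same host-plus-body key can be used in a search to confirm which events arrive twice.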

Fixed issues

There are no fixed issues for this release.


Known issues

Version 1.0.0 of the Splunk Add-on for Sysmon for Linux has no known issues listed for this release.

Third-party software attributions

Version 1.0.0 of the Splunk Add-on for Sysmon for Linux does not use third-party software or libraries.

Last modified on 17 November, 2022