Splunk Add-on for Sysmon
|Vendor Products|Microsoft Sysmon v14.13|
|Add-on has a web UI|No. This add-on does not contain any views.|
The Splunk Add-on for Sysmon allows a Splunk software administrator to create a Splunk software data input and CIM-compliant field extractions for Microsoft Sysmon.
The Splunk Add-on for Sysmon is not the same as the Splunk Add-on for Microsoft Sysmon, which is a community-supported add-on.
The community-supported add-on will remain available, but because the Splunk Add-on for Sysmon contains enhancements to event field mappings and Common Information Model (CIM) changes, you should migrate your Microsoft Sysmon data ingestion from the Splunk Add-on for Microsoft Sysmon to the Splunk Add-on for Sysmon.
For information on the differences in technical support for different Splunkbase apps or add-ons, see the Support content topic in the Splunk Developer Guide.
Download the Splunk Add-on for Sysmon from Splunkbase.
For a summary of new features, fixed issues, and known issues, see Release Notes for the Splunk Add-on for Sysmon.
For information about installing and configuring the Splunk Add-on for Sysmon, see Installation and configuration overview for the Splunk Add-on for Sysmon.
This documentation applies to the following versions of Splunk® Supported Add-ons: released