This app is archived.
IMPORTANT NOTE! The Splunk Add-on for Sysmon is a new Splunk-supported add-on and is different from the Splunk Add-on for Microsoft Sysmon (this add-on). The community-supported add-on will continue to exist, but because the Splunk Add-on for Sysmon contains enhancements to event field mappings and Common Information Model (CIM) changes, the best practice is to migrate your Microsoft Sysmon data ingestion from this community-supported add-on to the Splunk-supported add-on. For information on the differences in technical support for different Splunkbase apps or add-ons, see the Support content topic in the Splunk Developer Guide at this URL: https://docs.splunk.com/Documentation/AddOns/released/MSSysmon/Sysmonproductcomparisons

It's important to thoroughly test your correlation searches and other Splunk knowledge objects with the new TA before you migrate!

Provides a data input and CIM-compliant field extractions for Microsoft Sysmon. The Microsoft Sysmon utility provides data on process creation (including parent process ID), network connections, and much more.

This add-on was originally created by Adrian Hall. We appreciate Adrian's contribution and his willingness to turn over control to the current team for ongoing maintenance and development.