Author: my2ndhead

Source type(s):

Supported product(s):

App Version: 1.0

Supported CIM Version: >=4.4.0

Supported CIM Data Models:

Eventgen Samples included: Yes

Add-on contains: Search and Parsing-Time configuration

===

Add-on is a partial replacement for Splunk_TA_windows. Focus is on CIM compliancy and performance.

Note 1: Test this add-on first on a separate Search Head before running in production.

Note 2: App is not compatible with Splunk App for Windows Infrastructure due to different eventtype naming

Note 3: App does not include following bin scripts, due to copyright reasons. Run Splunk_TA_windows on Forwarders instead.

Microsoft KB Documents used for lookups:

Todo: Improve CIM Datamodel compatibility (ongoing)

License: Creative Commons Attribution 4.0 International
https://creativecommons.org/licenses/by/4.0/

Technology Add-on for Microsoft Windows

5