SHA256 checksum (windows-soho-security_120.tgz) 8538ec56ea0cce874b9c292e71eb3043e428f895bd7360dbfa6645c532f64eca

Windows SOHO Security

Windows SOHO Security centralizes security operations for small office and home office environments with one or more Windows endpoints. Windows SOHO Security transforms data from 15 Windows event logs into high fidelity visualizations, empowering you to monitor a continuous stream of data, perform investigations, and improve the security posture of your SOHO network. With Windows SOHO Security, you can manage security for multiple Windows computers and harness the power of the machine data at your fingertips.

Windows SOHO Security features 10 dashboards, including a security operations center, 52 pre-built security alerts, MITRE integration, built-in security reports and custom drilldowns that you can build upon to suit your needs.

Windows SOHO Security provides visibility into a wide range of endpoint activities, including network connections, system services, scheduled tasks, WMI, authentication and logon events, Windows updates, Microsoft Office apps, command shell, PowerShell, firewall, and browser activity. With Windows SOHO Security, you can add a powerful layer of defense for one computer or centrally manage all of your computers.

These are the 15 Windows logs you need for the SOHO app. You can pull them in as local data inputs in Splunk, and add them to inputs.conf on Universal Forwarders to forward them to your main Splunk instance.

Security
Application
System
Microsoft-Windows-Sysmon/Operational
Microsoft-Windows-WindowsUpdateClient/Operational
Microsoft-Windows-Windows Firewall With Advanced Security/Firewall
Microsoft-Windows-TerminalServices-LocalSessionManager/Operational
Microsoft-Windows-Windows PowerShell
Microsoft-Windows-Windows-PowerShell/Operational
Microsoft-Windows-WMI-Activity/Operational
Microsoft-Windows-TaskScheduler/Operational
Microsoft-Windows-Winlogon/Operational
Microsoft-Windows-SMBServer/Operational
Microsoft-Windows-WLAN-AutoConfig/Operational
Microsoft-Windows-Dhcp-Client/Operational

The only other app you need for optimal performance is Splunk Add-On for Microsoft Windows.

For more information or any questions, comments, or issues, visit www.cybersecuritysupportdesk.com

Release Notes

Version 1.2.0
Sept. 19, 2021
