Installation and configuration overview for the Splunk Add-on for Sysmon
Complete the following steps to install and configure this add-on:
- Configure your Microsoft Sysmon deployment to collect data.
  - Optionally, configure WEF/WEC support to forward and collect Sysmon events.
- Install your add-on: Install the Splunk Add-on for Sysmon onto your Splunk platform deployment.
- Configure your inputs: Configure inputs for the Splunk Add-on for Sysmon.
The Splunk Add-on for Microsoft Windows and the Splunk App for Windows Infrastructure are not required for the Splunk Add-on for Sysmon to function.