Source types for the Splunk Add-on for Sysmon

The Splunk Add-on for Sysmon collects data from Sysmon’s dedicated Windows Event log.

| Source type | Description | CIM data models |
|---|---|---|
| XmlWinEventLog | Windows Event Log data for Sysmon provided by WinEventLog in XML or standard format. | Endpoint, Network Resolution (DNS), Network Traffic, Change |
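To show what the XML-rendered Sysmon events behind the XmlWinEventLog source type look like and how their EventData fields feed the Endpoint and Network Traffic data models, here is an added Python example. It is not code from the add-on; the sample events are constructed, and the field-to-CIM mapping is an illustration, not the add-on's own props/transforms.

```python
"""Parse XML-rendered Sysmon events (as WinEventLog emits them with renderXml)
and pull out the EventData fields that feed the CIM Endpoint.Processes and
Network Traffic data models. Sample events are constructed, not real captures."""
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Sysmon EventData name -> CIM field name, keyed by Sysmon event ID
# (1 = process create, 3 = network connection). Assumed mapping for illustration.
CIM_MAP = {
    1: {"Image": "process_path", "CommandLine": "process", "ProcessId": "process_id",
        "ParentImage": "parent_process_path", "User": "user", "Hashes": "process_hash"},
    3: {"SourceIp": "src_ip", "SourcePort": "src_port", "DestinationIp": "dest_ip",
        "DestinationPort": "dest_port", "Protocol": "transport", "Image": "app"},
}

def parse_sysmon_event(xml_text: str) -> dict:
    """Return CIM-named fields for one XML-rendered Sysmon event."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    event_id = int(system.findtext("e:EventID", namespaces=NS))
    out = {"event_id": event_id, "host": system.findtext("e:Computer", namespaces=NS)}
    mapping = CIM_MAP.get(event_id, {})
    # EventData holds one <Data Name='...'> element per Sysmon field
    for data in root.findall("e:EventData/e:Data", NS):
        cim_name = mapping.get(data.get("Name"))
        if cim_name:
            out[cim_name] = data.text
    return out

# Constructed Sysmon Event ID 1 (process create) as rendered in XML
PROC_CREATE = """<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
<System><Provider Name='Microsoft-Windows-Sysmon'/><EventID>1</EventID>
<Channel>Microsoft-Windows-Sysmon/Operational</Channel><Computer>ws01.example.test</Computer></System>
<EventData><Data Name='Image'>C:\\Windows\\System32\\cmd.exe</Data>
<Data Name='CommandLine'>cmd.exe /c whoami</Data><Data Name='ProcessId'>4120</Data>
<Data Name='ParentImage'>C:\\Windows\\explorer.exe</Data><Data Name='User'>EXAMPLE\\alice</Data>
<Data Name='Hashes'>SHA256=CONSTRUCTED</Data></EventData></Event>"""

# Constructed Sysmon Event ID 3 (network connection) from the same process
NET_CONNECT = """<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
<System><Provider Name='Microsoft-Windows-Sysmon'/><EventID>3</EventID>
<Channel>Microsoft-Windows-Sysmon/Operational</Channel><Computer>ws01.example.test</Computer></System>
<EventData><Data Name='Image'>C:\\Windows\\System32\\cmd.exe</Data><Data Name='Protocol'>tcp</Data>
<Data Name='SourceIp'>10.0.0.5</Data><Data Name='SourcePort'>51234</Data>
<Data Name='DestinationIp'>203.0.113.10</Data><Data Name='DestinationPort'>443</Data>
</EventData></Event>"""

if __name__ == "__main__":
    for raw in (PROC_CREATE, NET_CONNECT):
        print(parse_sysmon_event(raw))
```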