Sysmon (with the Splunk Universal Forwarder)

Overview

Windows users who have installed the Splunk Universal Forwarder may additionally install Sysmon if they want a higher level of logging and auditability. This is recommended for computers used by people with deep access to databases, financial systems, and other sources of sensitive data. Sysmon and the Splunk Universal Forwarder must both be installed for Sysmon logs to be saved centrally: Sysmon only writes to the local Windows event log, and it is the forwarder that ships those events to the central Splunk server.
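As an added illustration (not part of this page's installer package or of the forwarder's default configuration), the Splunk Universal Forwarder needs an inputs.conf stanza like the one below before it will read Sysmon's event channel; the index name is an assumption, and the file location is the forwarder's usual local configuration directory.

```ini
; Added example: Splunk Universal Forwarder inputs.conf stanza for Sysmon.
; Typical location: %SPLUNK_HOME%\etc\system\local\inputs.conf
; Sysmon writes locally to the Microsoft-Windows-Sysmon/Operational channel.
; Without this stanza the forwarder never reads that channel, and without
; the forwarder nothing leaves the machine, which is why both must be installed.
[WinEventLog://Microsoft-Windows-Sysmon/Operational]
disabled = 0
; Render events as XML so every Sysmon field (hashes, parent process, etc.)
; survives intact instead of being flattened into a text message.
renderXml = true
; Assumption: the central Splunk server has an index named "sysmon".
index = sysmon
```

After restarting the forwarder service, a search against that index on the central server should show Sysmon events (for example Event ID 1, process creation) within a minute or two; if it does not, check that the Sysmon service is running and the channel exists locally in Event Viewer.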

System Requirements

Windows 10 64-bit

Licensing Information

Sysmon is freely available from Microsoft and is part of a well-known suite of administrative tools produced by Microsoft Sysinternals.

Installation Instructions

College Owned Equipment

Installing Software from the KBOX

Windows package name: Windows: Sysmon 7.0.1

Who To Call

Contact Desktop Systems if you find issues with the installer in the K1000. Contact Richard Goerwitz (x5526) for general questions about Splunk and Sysmon in relation to desktop security.