Fix sysmon sourcetype, update ThreatHunting app

2020-08-04 21:58:18 -07:00
parent 3fc3119be2
commit 84c29f6739
31 changed files with 124 additions and 98 deletions
--- a/Vagrant/resources/splunk_forwarder/wef_inputs.conf
+++ b/Vagrant/resources/splunk_forwarder/wef_inputs.conf
@@ -323,7 +323,7 @@ current_only = 0
 checkpointInterval = 5

 [WinEventLog://WEC6-Sysmon]
-sourcetype = "XmlWinEventLog:Microsoft-Windows-Sysmon/Operational"
+sourcetype = XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
 source = WinEventLog:Sysmon
 index=sysmon
 disabled = 0
--- a/Vagrant/resources/splunk_server/threathunting_143.tgz
+++ b/Vagrant/resources/splunk_server/threathunting_143.tgz
--- a/Vagrant/resources/splunk_server/threathunting_144.tgz
+++ b/Vagrant/resources/splunk_server/threathunting_144.tgz