Results
3
issues of
Karma
Seems like the host_fqdn reference fieldname in props.conf changed from Computer to ComputerName.
Copy and pasting process commands from Splunk adds a tab character at the beginning of the string.
1. Use 64-bit Sysmon instead of 32-bit 2. Only CHECK_SYSMON_VERSION if it's running in the first place 3. Wasn't accepting '/accepteula' changed it do a '-accepteula' 4. Added hash checks...