Results 96 comments of zhjygit

> rendering xml for sysmon?

Change it in inputs.conf on the PC where Sysmon is installed? ![image](https://github.com/olafhartong/ThreatHunting/assets/44870751/af97ab4f-2754-4f76-8141-8dfe9908e4c5) My inputs.conf path is C:\Program Files\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\default. Is there another place to change something for XML? My...

C:\Program Files\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\default\inputs.conf:

```
[WinEventLog://Microsoft-Windows-Sysmon/Operational]
disabled = false
renderXml = True
index = windows
source = WinEventLog:Microsoft-Windows-Sysmon/Operational
```

I added an inputs.conf as follows, C:\Program Files\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local\inputs.conf:

```
[WinEventLog://Microsoft-Windows-Sysmon/Operational]
disabled = false
renderXml = false
```
...

Maybe what you say above is extremely different from issue #106. As you say, I deleted the inputs.conf in the path xxx\local; I deleted the added spec in C:\Program Files\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\default\inputs.conf ![image](https://github.com/olafhartong/ThreatHunting/assets/44870751/049e0b12-8c9b-428c-9477-68baf9f584b1)...

In the demo video: https://www.youtube.com/watch?v=6tS8nz7sZMQ ![image](https://github.com/olafhartong/ThreatHunting/assets/44870751/d7f6bd9e-0f95-4292-aed1-a29a0ce122b2) However, in my Splunk there is no threathunting_file_summary on the "about the app" dashboard. ![image](https://github.com/olafhartong/ThreatHunting/assets/44870751/c29efa10-9611-4201-815a-664d0a364ff3) Is that the reason there is no data on the ThreatHunting overview?

> In the demo video: https://www.youtube.com/watch?v=6tS8nz7sZMQ

No use installing the sysmon add-on. I guess the most likely reason is the index threathunting_file_summary; I can search logs via "index=windows", however the...

![image](https://github.com/olafhartong/ThreatHunting/assets/44870751/1f0edb55-5424-4f42-b58d-ed21a3cb1cdf) As above, I changed enableSched from 0 to 1; however, there is no data on the "about the app" dashboard: ![image](https://github.com/olafhartong/ThreatHunting/assets/44870751/b5279ad5-61b3-4d77-ab0e-bfe6b33ec945) Although I rebooted the PC or restarted Splunk,...

No use installing the sysmon add-on app: ![image](https://github.com/olafhartong/ThreatHunting/assets/44870751/92cc1b38-9a88-4537-a842-e79c0cfe886f) I use local Splunk without a forwarder; the command is as follows:

```
C:\Program Files\Splunk\bin>splunk cmd btool inputs list --debug
C:\Program Files\Splunk\bin>splunk cmd
```
...

I reinstalled Splunk. ![image](https://github.com/olafhartong/ThreatHunting/assets/44870751/8a39c891-df05-4689-8c96-9aafa3dec173) As above, there is no threathunting_file_summary. I added indexes for the ThreatHunting app: windows, threathunting and threathunting_file_summary. Restarted Splunk, nothing changed; still no threathunting_file_summary, no...

Still not working, sir. 1. C:\Program Files\Splunk\etc\apps\Splunk_TA_microsoft_sysmon\default\inputs.conf

```
##
## SPDX-FileCopyrightText: 2021 Splunk, Inc.
## SPDX-License-Identifier: LicenseRef-Splunk-8-2021
##
##
[WinEventLog://Microsoft-Windows-Sysmon/Operational]
disabled = false
renderXml = 1
source = XmlWinEventLog:Microsoft-Windows-Sysmon/Operational

[WinEventLog://WEC-Sysmon]
disabled =
```
...
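As an added example, not code from zhjygit's comments or from the ThreatHunting project: the PowerShell below asks btool on the forwarder which file supplies each effective setting of the Sysmon input stanza. In Splunk, a stanza in an app's local\inputs.conf overrides the same stanza in that app's default\inputs.conf, so a local `renderXml = false` silently wins over a default `renderXml = True` (the situation in the comments above); `btool ... --debug` prints the winning file next to each setting, which makes that override visible by filename. The install path `$splunk`, the stanza name, and the assumption that the app wants XML-rendered events (`renderXml = true`, matching the `renderXml = 1` the Splunk_TA_microsoft_sysmon default sets) are assumptions; point `$splunk` at C:\Program Files\Splunk\bin\splunk.exe for a full Splunk Enterprise install.

```powershell
# Added example; not part of the thread or of the ThreatHunting app.
# Assumption: Universal Forwarder at the default install path (change for Splunk Enterprise).
$splunk = 'C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe'
$stanza = 'WinEventLog://Microsoft-Windows-Sysmon/Operational'

# With --debug, btool prefixes each effective setting with the .conf file it came from,
# so a local\inputs.conf override shows up here even when default\inputs.conf says otherwise.
$effective = & $splunk cmd btool inputs list $stanza --debug

# Parse "<path>\inputs.conf  key = value" lines into objects for the settings that matter.
$settings = foreach ($line in $effective) {
    if ($line -match '^(?<file>.+?\.conf)\s+(?<key>renderXml|source|sourcetype|index|disabled)\s*=\s*(?<value>.+)$') {
        [pscustomobject]@{
            Key   = $Matches.key
            Value = $Matches.value.Trim()
            File  = $Matches.file
        }
    }
}
$settings | Format-Table -AutoSize

# Decide whether events reach the indexer as XML. Assumption: the app expects renderXml on.
$render = $settings | Where-Object Key -eq 'renderXml'
if ($render -and $render.Value -match '^(true|1)$') {
    "XML rendering is ON (from $($render.File))"
}
else {
    "XML rendering is OFF (from $($render.File)); remove that override from local\inputs.conf " +
    "or set renderXml = true there, then restart: & `"$splunk`" restart"
}

# What local\inputs.conf should contain if you keep an override at all (assumed stanza,
# mirroring the default file quoted in the comment above, with XML rendering left on):
#   [WinEventLog://Microsoft-Windows-Sysmon/Operational]
#   disabled = false
#   renderXml = true
#   index = windows
#   source = XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
```

Run it in an elevated PowerShell on the host where Sysmon and the forwarder are installed; after changing any inputs.conf, restart the forwarder and re-run the script to confirm the file reported next to `renderXml` is the one you intended.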

Is it related to the warning? ![image](https://github.com/olafhartong/ThreatHunting/assets/44870751/bdebc5a8-0f48-4b65-865f-853d7159ab5a) ![image](https://github.com/olafhartong/ThreatHunting/assets/44870751/175fd129-d998-4126-8db1-b33c700e8659)