murchisd / splunk_pstree_app

Custom Splunk search command to reconstruct a pstree from Sysmon process creation events (EventCode 1)
Added debug line to view how Splunk passes record; Updated readme to … #3

Closed murchisd closed 2 years ago

murchisd commented 2 years ago

…address missing fields issue