olafhartong / ThreatHunting

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
MIT License

Wrong Field names? #9

Closed bmk666 closed 5 years ago

bmk666 commented 5 years ago

First, nice app!

I'm using Sysmon v8.0 and I have figured out that I needed some field aliases to get your app running in Splunk:

- CommandLine = process_command_line
- EventID = event_id
- process = process_name

It may be that there are some more!

BR, BMK

bmk666 commented 5 years ago

Sorry, found the field transforms in the props.conf!
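For readers who hit the same mismatch, this is what search-time aliases for the three fields named above look like in a Splunk `props.conf`. It is an added example, not the app's own `props.conf`, and it assumes the Sysmon events arrive under the `XmlWinEventLog:Microsoft-Windows-Sysmon/Operational` sourcetype; adjust the stanza name to whatever sourcetype your Sysmon TA assigns.

```ini
# Assumed sourcetype; check with:  index=<your_index> sourcetype=*sysmon* | stats count by sourcetype
[XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]

# FIELDALIAS keeps the original field and adds the new name at search time,
# so existing searches on CommandLine / EventID / process keep working.
FIELDALIAS-th_process_command_line = CommandLine AS process_command_line
FIELDALIAS-th_event_id             = EventID AS event_id
FIELDALIAS-th_process_name         = process AS process_name

# Verify after a restart or debug/refresh (field names must be present for
# the ATT&CK-mapped searches to return anything):
#   index=<your_index> sourcetype="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational"
#   | stats count by event_id process_name
```

If an alias appears in the app's own props.conf but the field still shows up empty, the usual cause is a different source field name from the TA in use (for example EventCode instead of EventID), so compare the raw event's field list against the stanza before adding a second alias.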