Change requirement checks from TA-microsoft-sysmon to Splunk_TA_microsoft_sysmon

olafhartong / ThreatHunting

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

MIT License

1.12k stars 175 forks source link

Change requirement checks from TA-microsoft-sysmon to Splunk_TA_microsoft_sysmon #97

Closed dstaulcu closed 1 year ago

dstaulcu commented 1 year ago

The "required app status" panel in the "about this app view" indicates a dependency for the "micosoft sysmon add-on". The referenced application has been archived in splunkbase.

The replacement application is called "Splunk Add-on for Sysmon" on splunkbase. The label of the app when installed is "Splunk_TA_microsoft_sysmon".

I suggest changing the dependency to the new sysmon app version. It appears to work fine.

dstaulcu commented 1 year ago

this issue can be closed. The requested changes were merged with pull request #98