olafhartong / ThreatHunting

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
MIT License
1.14k stars 178 forks

Change requirement checks from TA-microsoft-sysmon to Splunk_TA_microsoft_sysmon #97

Closed dstaulcu closed 2 years ago

dstaulcu commented 2 years ago

The "required app status" panel in the "about this app view" indicates a dependency for the "microsoft sysmon add-on". The referenced application has been archived in Splunkbase.

The replacement application is called "Splunk Add-on for Sysmon" on Splunkbase. The label of the app when installed is "Splunk_TA_microsoft_sysmon".

I suggest changing the dependency to the new sysmon app version. It appears to work fine.

dstaulcu commented 2 years ago

This issue can be closed. The requested changes were merged with pull request #98.