Free Splunk analytics application for whitelisting, Windows Event Logging and Sysmon events.
The free Airlock Digital App for Splunk provides a rich application for security operations teams to visualize Microsoft Windows, SysInternals SysMon and Airlock Application Whitelisting data.
This application provides interactive dashboards for:
- Airlock Digital’s enterprise application whitelisting product;
- Remote Desktop connections & login activity from across the Windows enterprise;
- Investigating interesting Windows security events such as Log Clearing as described in the NSA Whitepaper “Spotting the Adversary with Windows Event Log Monitoring”;
- Detecting Active Directory attacks such as Pass the Hash and Silver & Golden Ticket stealing;
- Identifying BSOD events, application and service failures;
- Interacting with Windows Firewall and Windows Defender Events;
- Displaying information from SysInternals Sysmon, including the detection of Mimikatz credential stealing, process injection and other process indicators.
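As an added example, not part of the Airlock Digital app, here is a Splunk search that surfaces the log-clearing events the NSA whitepaper highlights (Security event 1102, "audit log was cleared", and System event 104, "event log was cleared"). The sourcetypes and the `user`/`Channel` field names assume the classic event format of the Splunk Add-on for Microsoft Windows and may differ in your deployment.

```spl
(sourcetype="WinEventLog:Security" EventCode=1102) OR (sourcetype="WinEventLog:System" EventCode=104)
| eval cleared_log=case(EventCode=1102, "Security", EventCode=104, coalesce(Channel, "System"))
| stats count, min(_time) AS first_seen, max(_time) AS last_seen, values(user) AS users BY host, cleared_log, EventCode
| eval first_seen=strftime(first_seen, "%Y-%m-%d %H:%M:%S"), last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| sort - count
```

Any hit outside a planned maintenance window deserves a look, since clearing a log is rarely a routine user action; the `users` column shows which account issued the clear.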