Free Splunk analytics application for whitelisting, Windows Event Logging and Sysmon events.

The free Airlock Digital App for Splunk provides a rich application for security operations teams to visualize Microsoft Windows, SysInternals SysMon and Airlock Application Whitelisting data.

This application provides interactive dashboards for:

  • Airlock Digital’s enterprise application whitelisting product;
  • Remote Desktop connections & login activity from across the Windows enteprise;
  • Investigating interesting Windows security events such as Log Clearing as described in the NSA Whitepaper “Spotting the Adversary with Windows Event Log Monitoring”;
  • Detecting Active Directory attacks like Pass the Hash, Silver & Golden ticket stealing;
  •  Identify BSOD events, application and service failures;
  • Interacting with Windows Firewall and Windows Defender Events;
  • Displaying information from SysInternals Sysmon, including the detection of Mimikatz credential stealing including process injection and other process indicators.

Download from SplunkBase
airlock_splunk_events-300x155-1
airlock_splunk_rdp-300x180-1
airlock_splunk_symon-1-300x284-1
airlock_splunk_whitlelist-1-300x257-1

See the Airlock approach to
Application Whitelisting

Learn More