The free Airlock Digital App for Splunk provides a rich application for security operations teams to visualize Microsoft Windows, SysInternals SysMon and Airlock Application Whitelisting data.

This application provides interactive dashboards for:

• Airlock Digital’s enterprise application whitelisting product;
• Remote Desktop connections & login activity from across the Windows enteprise;
• Investigating interesting Windows security events such as Log Clearing as described in the NSA Whitepaper “Spotting the Adversary with Windows Event Log Monitoring”;
• Detecting Active Directory attacks like Pass the Hash, Silver & Golden ticket stealing;
•  Identify BSOD events, application and service failures;
• Interacting with Windows Firewall and Windows Defender Events;

• Displaying information from SysInternals Sysmon, including the detection of Mimikatz credential stealing including process injection and other process indicators.