Airlock Splunk Application

Free Splunk analytics application for whitelisting, Windows Event Logging and Sysmon events.

The free Airlock Digital App for Splunk provides a rich application for security operations teams to visualize Microsoft Windows, SysInternals SysMon and Airlock Application Whitelisting data.

This application provides interactive dashboards for:
– Airlock Digital’s enterprise application whitelisting product;
– Remote Desktop connections and login activity from across the Windows enterprise;
– Investigating interesting Windows security events such as log clearing, as described in the NSA whitepaper “Spotting the Adversary with Windows Event Log Monitoring”;
– Detecting Active Directory attacks such as Pass the Hash and Silver & Golden Ticket stealing;
– Identifying BSOD events, application failures and service failures;
– Interacting with Windows Firewall and Windows Defender events;
– Displaying information from SysInternals Sysmon, including the detection of Mimikatz credential stealing, process injection and other process indicators.

See the Airlock approach to Application Whitelisting

Windows Event Log Analytics

Remote Desktop Connections

Advanced Sysmon Reporting

Whitelisting Analytics