Airlock Splunk Application
Free Splunk analytics application for whitelisting, Windows Event Logging and Sysmon events.
The free Airlock Digital App for Splunk provides a rich application for security operations teams to visualize Microsoft Windows, SysInternals SysMon and Airlock Application Whitelisting data.
This application provides interactive dashboards for:
– Airlock Digital’s enterprise application whitelisting product;
– Remote Desktop connections & login activity from across the Windows enterprise;
– Investigating interesting Windows security events such as Log Clearing as described in the NSA Whitepaper “Spotting the Adversary with Windows Event Log Monitoring”;
– Detecting Active Directory attacks like Pass the Hash, Silver & Golden ticket stealing;
– Identifying BSOD events, application and service failures;
– Interacting with Windows Firewall and Windows Defender Events;
– Displaying information from SysInternals Sysmon, including the detection of Mimikatz credential stealing, process injection and other process indicators.
See the Airlock approach to Application Whitelisting