splunk总结

1.不同版本splunk下载
https://www.splunk.com/page/previous_releases#x86_64windows
2.插件下载地址：
https://splunkbase.splunk.com/apps/
3.github介绍
https://github.com/olafhartong/ThreatHunting
4.word版详细教程
https://www.linkedin.com/pulse/attckized-splunk-kirtar-oza-cissp-cisa-ms-/
5.sysmon下载
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
6.sysmon日志路径C:\Windows\System32\winevt\Logs
7.

.8
sysmon (Event_ID=12 OR Event_ID=13 OR Event_ID=14) (registry_path="\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" OR registry_path="\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls")
9.