Monitor for Service Changes in Windows

The following Splunk search looks for changes to services on Windows hosts.

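
The same check as an added, runnable example (not the page's own search, and not code from the post it links to): the change-of-service logic applied in Python to constructed Service Control Manager records so it can be inspected offline. Event 7045 in the System log records a newly installed service and 7040 a change to a service's start type; the record shape (EventCode, host, _time, Message) is assumed to follow the fields the Splunk Add-on for Windows extracts, and the "Key:  value" layout of the 7045 message is assumed to be the English message text. The sample events are constructed.

```python
import re

# Constructed sample System-log events (not real data), shaped like the fields
# the Splunk Add-on for Windows extracts: EventCode, host, _time, Message.
EVENTS = [
    {"_time": "2024-03-01T08:00:00", "host": "WS01", "EventCode": 7036,
     "Message": "The Print Spooler service entered the running state."},
    {"_time": "2024-03-01T08:05:12", "host": "WS01", "EventCode": 7045,
     "Message": "A service was installed in the system.\n\n"
                "Service Name:  PSEXESVC\n"
                "Service File Name:  %SystemRoot%\\PSEXESVC.exe\n"
                "Service Type:  user mode service\n"
                "Service Start Type:  demand start\n"
                "Service Account:  LocalSystem"},
    {"_time": "2024-03-01T08:07:40", "host": "SRV02", "EventCode": 7040,
     "Message": "The start type of the Windows Defender Antivirus Service service "
                "was changed from auto start to disabled."},
]

# Service Control Manager events that record a change to a service, as opposed
# to the routine 7036 start/stop state transitions.
NEW_SERVICE, START_TYPE_CHANGED = 7045, 7040

# Field lines of the 7045 message (assumed English layout).
FIELD_RE = re.compile(
    r"^(Service Name|Service File Name|Service Start Type|Service Account):[ \t]*(.*)$", re.M)
# 7040: "The start type of the <display name> service was changed from <old> to <new>."
START_TYPE_RE = re.compile(
    r"The start type of the (.+?) service was changed from (.+?) to (.+?)\.$")


def parse_service_change(event):
    """Normalise a 7045/7040 record; return None for any other EventCode."""
    code = event["EventCode"]
    if code not in (NEW_SERVICE, START_TYPE_CHANGED):
        return None
    rec = {"_time": event["_time"], "host": event["host"], "EventCode": code}
    if code == NEW_SERVICE:
        f = dict(FIELD_RE.findall(event["Message"]))
        rec.update(change="service installed", service=f.get("Service Name"),
                   image=f.get("Service File Name"), start_type=f.get("Service Start Type"),
                   account=f.get("Service Account"))
    else:
        m = START_TYPE_RE.search(event["Message"])
        if m:
            service, old, new = m.groups()
            rec.update(change="start type changed", service=service,
                       old_start_type=old, new_start_type=new,
                       # a service being disabled (AV, logging, updates) is the case to review first
                       service_disabled=(new == "disabled"))
    return rec


def service_changes(events):
    """The rows the search would return: one per service install or start-type change."""
    return [r for r in (parse_service_change(e) for e in events) if r]


if __name__ == "__main__":
    for row in service_changes(EVENTS):
        print(row)
```

The Security log carries a parallel record, event 4697 ("A service was installed in the system"), which includes the caller's account but only appears when the Audit Security System Extension subcategory is enabled; the System-log 7045 is logged without any audit policy, which is why it is the usual starting point.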
Event Logs | System Logs | Warnings and Errors

This search hits every host, pulls back the event logs and groups the results by Message. Change the source to whichever Windows event log you need.

Unintended Windows Shutdowns

This Splunk query shows any unintended Windows system shutdowns. Make sure the Splunk App for Windows is installed; you can get it here: https://apps.splunk.com/app/742/

Verify Windows Updates have been Applied

The following Splunk query returns results on any Windows Updates (patches) that have been applied, by searching for the KB number associated with the EventID.

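
An added example of the KB-extraction logic, written here and not taken from the page's search: the Windows Update client logs event 19 ("Installation Successful") and event 20 ("Installation Failure") to the System log under the Microsoft-Windows-WindowsUpdateClient provider, with the KB number inside the update title in Message. The code pulls the KB and, for failures, the HRESULT out of constructed records (the record shape is assumed to follow the Splunk Add-on for Windows fields; KB numbers are sample values), and then turns the result into the gap list a verification search should end with, since a host that never reported a 19 event is the one that needs attention.

```python
import re

WU_SOURCE = "Microsoft-Windows-WindowsUpdateClient"  # provider in the System log
INSTALL_OK, INSTALL_FAILED = 19, 20                   # Installation Successful / Failure

# Constructed sample System-log events (not real data), shaped like the fields
# the Splunk Add-on for Windows extracts. KB numbers are sample values.
EVENTS = [
    {"_time": "2024-03-12T03:10:00", "host": "WS01", "SourceName": WU_SOURCE, "EventCode": INSTALL_OK,
     "Message": "Installation Successful: Windows successfully installed the following update: "
                "2024-03 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5035845)"},
    {"_time": "2024-03-12T03:12:00", "host": "WS01", "SourceName": WU_SOURCE, "EventCode": INSTALL_OK,
     "Message": "Installation Successful: Windows successfully installed the following update: "
                "Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.407.123.0)"},
    {"_time": "2024-03-12T03:15:00", "host": "SRV02", "SourceName": WU_SOURCE, "EventCode": INSTALL_FAILED,
     "Message": "Installation Failure: Windows failed to install the following update with error 0x80070643: "
                "2024-03 Cumulative Update for Microsoft server operating system version 21H2 "
                "for x64-based Systems (KB5035857)"},
    # unrelated System-log event with a colliding EventCode range; must be filtered out by source
    {"_time": "2024-03-12T03:16:00", "host": "SRV02", "SourceName": "Service Control Manager", "EventCode": 7036,
     "Message": "The Windows Update service entered the stopped state."},
]

KB_RE = re.compile(r"\bKB\d{6,7}\b")
ERR_RE = re.compile(r"with error (0x[0-9A-Fa-f]{8})")


def update_records(events):
    """One row per install attempt: host, KB, status and (for failures) the HRESULT."""
    rows = []
    for e in events:
        if e.get("SourceName") != WU_SOURCE or e["EventCode"] not in (INSTALL_OK, INSTALL_FAILED):
            continue
        kbs = KB_RE.findall(e["Message"])
        err = ERR_RE.search(e["Message"])
        rows.append({"_time": e["_time"], "host": e["host"],
                     "kb": kbs[0] if kbs else None,
                     "status": "installed" if e["EventCode"] == INSTALL_OK else "failed",
                     "error": err.group(1) if err else None,
                     # the update title follows the last ": " in both message variants
                     "title": e["Message"].rsplit(": ", 1)[-1]})
    return rows


def is_patched(events, kb, host):
    """True only if a successful install (event 19) of kb was logged by host."""
    return any(r["host"] == host and r["kb"] == kb and r["status"] == "installed"
               for r in update_records(events))


def missing_hosts(events, kb, inventory):
    """Hosts from an inventory list with no successful install of kb. Comparing
    against an inventory matters: a host that is not forwarding logs, or whose
    System log has rolled over, produces no event at all."""
    return sorted(h for h in inventory if not is_patched(events, kb, h))


if __name__ == "__main__":
    for row in update_records(EVENTS):
        print(row)
    print(missing_hosts(EVENTS, "KB5035845", ["WS01", "SRV02", "WS03"]))
```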
Microsoft Antimalware Virus Remediation Details

This query returns detailed results on malware/virus remediation.

Microsoft Antimalware Malware Detection Details

This query returns results when malware is detected, with detailed information on the malware found.

Microsoft AntiMalware Scan Completion

This query lists a count by scan type, the duration of each scan, and the host the scan ran on. Modify as needed.

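
One added example covering the three Microsoft Antimalware entries above (remediation details, detection details and scan completion); it is written here and is not the page's own query. The product logs event 1116 on detection, 1117 when it takes an action, and 1001 when a scan finishes, each with a block of "Key: value" lines in Message; Microsoft Defender Antivirus writes the same IDs to the Microsoft-Windows-Windows Defender/Operational channel. The code parses those lines from constructed records (record shape assumed to follow the Splunk Add-on for Windows fields; the D:HH:MM:SS form of "Scan Time" is an assumption taken from the sample messages) and produces the three result sets, including the count and average duration per host and scan type.

```python
import re
from collections import defaultdict

SOURCE = "Microsoft Antimalware"  # SourceName in the System log
DETECTED, ACTION_TAKEN, SCAN_FINISHED = 1116, 1117, 1001

# Constructed sample events (not real data), shaped like the fields the Splunk
# Add-on for Windows extracts; the "Key: value" lines follow the layout of the
# 1116 / 1117 / 1001 messages.
EVENTS = [
    {"_time": "2024-03-05T09:14:02", "host": "WS11", "SourceName": SOURCE, "EventCode": DETECTED,
     "Message": "Microsoft Antimalware has detected malware or other potentially unwanted software.\n"
                " Name: Trojan:Win32/Example.A\n ID: 2147000001\n Severity: Severe\n Category: Trojan\n"
                " Path: file:_C:\\Users\\bob\\Downloads\\invoice.exe\n Detection Source: Real-Time Protection\n"
                " User: CORP\\bob\n Process Name: C:\\Windows\\explorer.exe\n Signature Version: AV: 1.407.123.0"},
    {"_time": "2024-03-05T09:14:05", "host": "WS11", "SourceName": SOURCE, "EventCode": ACTION_TAKEN,
     "Message": "Microsoft Antimalware has taken action to protect this machine from malware "
                "or other potentially unwanted software.\n"
                " Name: Trojan:Win32/Example.A\n ID: 2147000001\n Severity: Severe\n Category: Trojan\n"
                " Path: file:_C:\\Users\\bob\\Downloads\\invoice.exe\n Action: Quarantine\n Action Status: \n"
                " Error Code: 0x00000000\n Error description: The operation completed successfully."},
    {"_time": "2024-03-05T12:00:00", "host": "WS11", "SourceName": SOURCE, "EventCode": SCAN_FINISHED,
     "Message": "Microsoft Antimalware scan has finished.\n Scan ID: {11111111-2222-3333-4444-555555555555}\n"
                " Scan Type: Antimalware\n Scan Parameters: Quick Scan\n User: NT AUTHORITY\\SYSTEM\n"
                " Scan Time: 0:00:03:25"},
    {"_time": "2024-03-06T12:00:00", "host": "WS11", "SourceName": SOURCE, "EventCode": SCAN_FINISHED,
     "Message": "Microsoft Antimalware scan has finished.\n Scan ID: {66666666-7777-8888-9999-000000000000}\n"
                " Scan Type: Antimalware\n Scan Parameters: Quick Scan\n User: NT AUTHORITY\\SYSTEM\n"
                " Scan Time: 0:00:02:35"},
    {"_time": "2024-03-06T03:00:00", "host": "SRV04", "SourceName": SOURCE, "EventCode": SCAN_FINISHED,
     "Message": "Microsoft Antimalware scan has finished.\n Scan ID: {aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}\n"
                " Scan Type: Antimalware\n Scan Parameters: Full Scan\n User: NT AUTHORITY\\SYSTEM\n"
                " Scan Time: 0:01:12:00"},
]

# Key is letters/spaces up to the first colon; the value may itself contain colons
# ("Name: Trojan:Win32/...", "Path: file:_C:\..."). Only spaces/tabs are skipped
# around the value so an empty value ("Action Status: ") does not swallow the next line.
KV_RE = re.compile(r"^[ \t]*([A-Za-z ]+?):[ \t]*(.*?)[ \t]*$", re.M)


def parse_fields(message):
    return dict(KV_RE.findall(message))


def scan_seconds(scan_time):
    """'D:HH:MM:SS' (assumed form of the 1001 'Scan Time' value) -> seconds; 'HH:MM:SS' also accepted."""
    parts = [int(p) for p in scan_time.split(":")]
    days = parts.pop(0) if len(parts) == 4 else 0
    h, m, s = parts
    return days * 86400 + h * 3600 + m * 60 + s


def _of(events, code):
    return [(e, parse_fields(e["Message"])) for e in events
            if e["SourceName"] == SOURCE and e["EventCode"] == code]


def detections(events):
    """Malware detection details (1116)."""
    return [{"_time": e["_time"], "host": e["host"], "name": f.get("Name"), "severity": f.get("Severity"),
             "path": f.get("Path"), "user": f.get("User"), "process": f.get("Process Name"),
             "source": f.get("Detection Source")} for e, f in _of(events, DETECTED)]


def remediations(events):
    """Remediation details (1117); a non-zero Error Code means the action did not complete."""
    return [{"_time": e["_time"], "host": e["host"], "name": f.get("Name"), "action": f.get("Action"),
             "error_code": f.get("Error Code"), "succeeded": f.get("Error Code") == "0x00000000"}
            for e, f in _of(events, ACTION_TAKEN)]


def scan_summary(events):
    """Scan completion roll-up (1001): count and average duration per host and scan parameters."""
    acc = defaultdict(list)
    for e, f in _of(events, SCAN_FINISHED):
        acc[(e["host"], f.get("Scan Parameters"))].append(scan_seconds(f["Scan Time"]))
    return {k: {"count": len(v), "avg_seconds": sum(v) / len(v)} for k, v in acc.items()}


if __name__ == "__main__":
    print(detections(EVENTS)); print(remediations(EVENTS)); print(scan_summary(EVENTS))
```

Pairing 1116 with the 1117 that follows (same host, same Name and Path) is what turns a detection into a remediation verdict; a 1116 with no matching 1117, or a 1117 whose Error Code is not 0x00000000, is the row to act on.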
Windows Power Off Duration

This query shows the time elapsed between a computer shutting down and powering back on. It applies to normal restarts and shutdowns; the measurement is not possible after a hard reset or loss of power, because no shutdown is recorded.

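
One added example serving both the Unintended Windows Shutdowns and Windows Power Off Duration entries; it is written here and is not the page's query. In the System log, event 6006 (Event log service stopped) marks a clean shutdown and 6005 (Event log service started) the next boot, so the power-off duration is the gap between the two on the same host. Event 6008 ("previous system shutdown ... was unexpected") and Kernel-Power event 41 are what an unintended shutdown leaves behind, and because such a host never logged a 6006, its next 6005 has nothing to pair with, which is exactly why the duration cannot be computed after a hard reset or power loss. Event 1074 records who initiated a planned shutdown or restart and why, which is the comparison case. Records are constructed and assumed to follow the Splunk Add-on for Windows field names.

```python
import re
from datetime import datetime

# Constructed sample System-log events (not real data), shaped like the fields
# the Splunk Add-on for Windows extracts: EventCode, host, _time, Message.
EVENTS = [
    {"_time": "2024-03-01T18:00:00", "host": "SRV01", "EventCode": 1074,
     "Message": "The process C:\\Windows\\system32\\shutdown.exe (SRV01) has initiated the restart "
                "of computer SRV01 on behalf of user CORP\\admin for the following reason: "
                "Operating System: Upgrade (Planned)"},
    {"_time": "2024-03-01T18:00:05", "host": "SRV01", "EventCode": 6006,
     "Message": "The Event log service was stopped."},
    {"_time": "2024-03-01T18:03:35", "host": "SRV01", "EventCode": 6005,
     "Message": "The Event log service was started."},
    {"_time": "2024-03-02T02:10:00", "host": "WS07", "EventCode": 6005,
     "Message": "The Event log service was started."},
    {"_time": "2024-03-02T02:10:01", "host": "WS07", "EventCode": 6008,
     "Message": "The previous system shutdown at 1:55:12 AM on 3/2/2024 was unexpected."},
    {"_time": "2024-03-02T02:10:02", "host": "WS07", "EventCode": 41,
     "Message": "The system has rebooted without cleanly shutting down first."},
]

# 6006/6005: Event log service stopped/started (clean shutdown / boot).
# 6008: previous shutdown was unexpected. 41: Kernel-Power dirty reboot.
# 1074: a process or user initiated a shutdown or restart.
LOG_STOPPED, LOG_STARTED, UNEXPECTED, KERNEL_POWER, INITIATED = 6006, 6005, 6008, 41, 1074

INITIATED_RE = re.compile(
    r"has initiated the (\w+) of computer (\S+) on behalf of user (\S+) "
    r"for the following reason: (.*)")


def ts(event):
    return datetime.fromisoformat(event["_time"])


def unexpected_shutdowns(events):
    """The unintended-shutdown list: boots whose previous shutdown was not clean."""
    return [{"host": e["host"], "_time": e["_time"], "EventCode": e["EventCode"], "Message": e["Message"]}
            for e in events if e["EventCode"] in (UNEXPECTED, KERNEL_POWER)]


def initiated_shutdowns(events):
    """Planned shutdowns/restarts (1074): who asked for them and the stated reason."""
    out = []
    for e in events:
        m = INITIATED_RE.search(e["Message"]) if e["EventCode"] == INITIATED else None
        if m:
            out.append({"host": e["host"], "_time": e["_time"], "action": m.group(1),
                        "user": m.group(3), "reason": m.group(4)})
    return out


def power_off_durations(events):
    """Pair each 6006 with the next 6005 on the same host and report the gap.
    A 6005 with no 6006 before it means the previous shutdown was a hard reset or
    power loss: there is no shutdown timestamp, so off_seconds is None."""
    last_stop, out = {}, []
    for e in sorted(events, key=ts):
        host, code = e["host"], e["EventCode"]
        if code == LOG_STOPPED:
            last_stop[host] = ts(e)
        elif code == LOG_STARTED:
            stopped = last_stop.pop(host, None)
            out.append({"host": host, "boot_time": e["_time"],
                        "clean_shutdown": stopped is not None,
                        "off_seconds": (ts(e) - stopped).total_seconds() if stopped else None})
    return out


if __name__ == "__main__":
    for row in unexpected_shutdowns(EVENTS) + initiated_shutdowns(EVENTS) + power_off_durations(EVENTS):
        print(row)
```

The sort by timestamp matters when events arrive out of order from forwarders; the pairing is per host, so a long-running search over many hosts still needs the host as the grouping key.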