Create SPL Detections for Splunk with MonteAI

Navigate to the left navigation panel -> click search
- Select Splunk and PROCEED
Drag GATHER DATA component from the right components list
Select avl_get_splunk_endpoint_data_winevent or other available data source (will vary based on your environment)
Drag Code Block or Filter component from the right components list to begin building queries

Last updated 1 year ago