Using Splunk Applications

I am currently stuck with this question: Access the Sysmon App for Splunk and go to the “Reports” tab. Fix the search associated with the “Net - net view” report and provide the complete executed command as your answer. Answer format: net view /Domain:_.local.

Does anyone have an idea how to solve this? I am completely lost on this one.

Since searching with ‘sysmon’ in the search bar does not return any results, I redefine the whole query.

Beyond the hint given, you should look at where and what is being searched by the query and then point it in a better direction.

If you can’t get any results with ‘sysmon’, then how do you find the logs we need? Do we ditch the sysmon search? Other websites even say that you find things in net.exe with the ‘sysmon’ search.

Okay. I got it. Try searching for CommandLine=“net view” after ‘sysmon’. For some reason, when I tried it today, the ‘sysmon’ search actually brought up results.

I used this: *

I also didn’t really understand this task, so this worked for me:

In the search bar just search for net view, there will be only 6 results - just manually look at the CommandLine field of each one and you will find the solution!

P. S.: Idk why it doesn’t work as intended; if somebody has the “right” way to do this task, feel free to explain :upside_down_face:

A better way to solve this is to first specify the default sysmon field in SPL (l), then input any events you want to get your answer… Happy Splunking :wink:

A hint: using the previous syntaxes and bearing in mind that Splunk just “searches”, you can use the Answer format to get the answer.

I thought we were to add the Sysmon app for Splunk, then try to access the net view through it to modify the command. But I can’t find the Sysmon plugin in the apps.

sysmon “eventcode=1” CommandLine=“net view /Domain:*”. I got one hit and the answer is there.
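An added example (not from the thread, and not the lab's actual “Net - net view” report search): an SPL search that scopes Sysmon process-creation events (EventCode 1) to net.exe/net1.exe running net view, so an analyst can review the full command lines rather than guessing. It assumes the default sourcetype of the Splunk Add-on for Sysmon and searches all indexes; adjust both to your environment.

```spl
index=* sourcetype="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" EventCode=1
    (Image="*\\net.exe" OR Image="*\\net1.exe")
    CommandLine="*net view*"
| table _time host User ParentImage CommandLine
| sort _time
```

The same scoping (sourcetype plus EventCode=1 plus an Image or CommandLine filter) is what a broken report search usually lacks; a search that only matches the literal word “sysmon” will miss these events entirely.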

Hi, how to download the Sysmon app? I signed up for Splunkbase but cannot log into my account on the lab machine. When I try on my PC I can log on, but on the lab machine it keeps spinning forever.

As slimchady mentioned in the above thread, open Burp Suite, turn off intercept in the proxy settings, then log in through Burp’s browser.

I downloaded it on my PC, then uploaded it to a file share service, then used the link to download it on the machine and install it.