I am currently stuck with this question: Access the Sysmon App for Splunk and go to the “Reports” tab. Fix the search associated with the “Net - net view” report and provide the complete executed command as your answer. Answer format: net view /Domain:_.local .
Does anyone have an idea how to solve this? I am completely lost on this one.
Since searching with ‘sysmon’ in the search bar does not return any results, I redefine the whole query.
Beyond the hint given, you should look at where and what is being searched by the query and then point it in a better direction.
If you can’t get any results with ‘sysmon’, then how do you find the logs we need? Do we ditch the sysmon search? Other websites even say that you find things in net.exe with the ‘sysmon’ search.