Introducing Windows Personal Security
Windows Personal Security is a new Splunk cybersecurity app that I recently launched, and it is now available on Splunkbase as a free download. WPS transforms your Windows event log and Sysmon data with 6 interactive dashboards, including high-fidelity visualizations, and 36 built-in security alerts, empowering you to monitor and analyze a continuous stream of data in real time and perform basic cybersecurity investigations in Splunk. With WPS, anyone can monitor Windows computers at home and perform cybersecurity analysis based on best practices. You don’t have to be a trained cybersecurity professional to gain tremendous value from the WPS app for Splunk. WPS transforms the rich data sources Windows provides natively into user-friendly dashboards, so you can understand the important system activity your logs are recording without having to dig through all the data manually. WPS is the easiest way to gain visibility into Windows endpoints and harness the power of the machine data at your fingertips.
WPS provides visibility into endpoint performance, enabling you to monitor the current state of your Windows computer, including network, system, services, security, and logon activity. The more you review your WPS dashboards, the more you will learn about your Windows machine. Recognizing the normal baseline of system activity will make it easier to recognize unusual behavior that may or may not be malicious. And that’s what cyber analysts do: respond to security alerts and investigate unusual activity! If a built-in WPS alert is triggered or you detect anomalous system behavior on your own, you should drill down into these events and investigate further, utilizing internal and external resources for help as needed. Windows Personal Security adds a powerful layer of defense to your home network on top of antivirus software, creating multilayer security to protect all of your personal Windows-based devices.
Getting Started with Windows Personal Security
This is everything you will need to add a layer of defense to your Windows PC and enhance your own cybersecurity skills with Windows Personal Security. And it’s all free!
1. Windows Event Logs. These logs are native to Windows and already logging data.
2. Windows Sysmon. Sysmon is a free utility that logs important system processes and provides far more granular insight into Windows endpoints than event logs alone.
3. Splunk Enterprise or Splunk Cloud, commercial or free license. WPS runs on the Splunk platform, so you will need to download Splunk if you haven’t already. Splunk Enterprise comes with a free 2-month trial period and then converts to a free license unless you upgrade your license.
4. Splunk Add-On for Microsoft Windows. This is the only other Splunk app you need to download and install in Splunk for WPS to work optimally. This Splunk add-on will make your Windows log data CIM compliant and compatible with the predefined search queries in WPS.
5. Data Inputs. You need to pull these 4 local data sources from your computer into Splunk: the Windows Security, Application, and System event logs and your Sysmon operational log.
6. Windows Personal Security. You can install WPS from within Splunk Web, or download it from Splunkbase and install it.
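For step 5, the four inputs can be enabled in an `inputs.conf` file on the Windows machine that runs Splunk. This is an added example, not configuration shipped with WPS; the file location shown and the choice to leave the index and every other setting at Splunk's defaults are assumptions.

```ini
# inputs.conf, for example in %SPLUNK_HOME%\etc\system\local\
# (assumed location; an app's local directory works as well).
# Restart Splunk after editing so the new inputs are picked up.
# No index is set here, so events go to Splunk's default index
# (assumption: adjust if your setup uses a dedicated index).

# Logon activity, account changes, audit policy events
[WinEventLog://Security]
disabled = 0

# Events written by installed applications
[WinEventLog://Application]
disabled = 0

# Service, driver, and operating system events
[WinEventLog://System]
disabled = 0

# Sysmon process, network, and file events.
# This channel exists only after Sysmon has been installed (step 2).
[WinEventLog://Microsoft-Windows-Sysmon/Operational]
disabled = 0
```

The same four channels can also be selected in Splunk Web under Settings > Data inputs > Local event log collection.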
Modern technology is not the problem. Modern technology is the solution. In the digital age, we all need an understanding of basic cybersecurity principles, evolving cyberthreats, and social engineering tactics in order to protect individuals, businesses, government entities, and critical infrastructure from sophisticated cyberthreats. With these 6 simple steps, you can begin monitoring, analyzing, and defending Windows endpoints like a pro. Take your cybersecurity skills to the next level and fortify your home network defense with Windows Personal Security!