Log Sources: Ensure Splunk is receiving the necessary logs. Windows: Windows Event Logs (System, Application, Security), Sysmon (highly recommended), dedicated File Integrity Monitoring (FIM) tool ...