Splunk Windows Registry Monitor
Hey everyone, just wanted to let you know that a preview release of Splunk just left the docks.
I want to introduce you to one of the latest features of Splunk for Windows – monitoring the Windows registry in real time for activity and events, and indexing and searching those events with Splunk.
While working on this, we ran into a few challenges:
First, there aren’t any published Win32 APIs that do this in user mode. The best you can do with the Win32 API is to register for change notifications on specific registry keys or hives, and you’ll be notified when the key, or a subkey under it, has been changed. Even when you get a notification for a change, you will not …
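To make the limitation concrete, here is an added example (not code from the Splunk post or product) that calls the Win32 change-notification API, RegNotifyChangeKeyValue, from PowerShell via P/Invoke. The demo key name HKCU\Software\RegWatchDemo is a constructed placeholder; the notification itself carries no value name or data, so the script recovers that detail the only way user mode can, by diffing a snapshot taken before the wait.

```powershell
# Added example, not from the Splunk post: watch one key with RegNotifyChangeKeyValue.
# The API only signals "something under this key changed"; what changed must be diffed.
$sig = @'
using System;
using System.Runtime.InteropServices;
public static class RegWatch {
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode)]
    public static extern int RegOpenKeyExW(UIntPtr hKey, string subKey, int options, int samDesired, out UIntPtr phkResult);
    [DllImport("advapi32.dll")]
    public static extern int RegNotifyChangeKeyValue(UIntPtr hKey, bool bWatchSubtree, int dwNotifyFilter, IntPtr hEvent, bool fAsynchronous);
    [DllImport("advapi32.dll")]
    public static extern int RegCloseKey(UIntPtr hKey);
    public static readonly UIntPtr HKEY_CURRENT_USER = new UIntPtr(0x80000001u);
    public const int KEY_NOTIFY = 0x0010;
    public const int REG_NOTIFY_CHANGE_NAME = 0x1;      // subkey created or deleted
    public const int REG_NOTIFY_CHANGE_LAST_SET = 0x4;  // a value was written or removed
}
'@
Add-Type -TypeDefinition $sig

$subKey = 'Software\RegWatchDemo'   # constructed demo key, created if it does not exist
if (-not (Test-Path "HKCU:\$subKey")) { New-Item -Path "HKCU:\$subKey" -Force | Out-Null }

function Get-ValueSnapshot {
    # Name -> value map of the key's values, skipping the PS* provider properties
    $snap = @{}
    foreach ($p in (Get-ItemProperty -Path "HKCU:\$subKey").PSObject.Properties) {
        if ($p.Name -notlike 'PS*') { $snap[$p.Name] = "$($p.Value)" }
    }
    return $snap
}

$hKey = [UIntPtr]::Zero
$rc = [RegWatch]::RegOpenKeyExW([RegWatch]::HKEY_CURRENT_USER, $subKey, 0, [RegWatch]::KEY_NOTIFY, [ref]$hKey)
if ($rc -ne 0) { throw "RegOpenKeyExW failed with status $rc" }

$before = Get-ValueSnapshot
Write-Host "Watching HKCU\$subKey ... change a value under it from another window."
$filter = [RegWatch]::REG_NOTIFY_CHANGE_NAME -bor [RegWatch]::REG_NOTIFY_CHANGE_LAST_SET
# Synchronous call: blocks until any matching change occurs under the key.
$rc = [RegWatch]::RegNotifyChangeKeyValue($hKey, $true, $filter, [IntPtr]::Zero, $false)
[void][RegWatch]::RegCloseKey($hKey)
if ($rc -ne 0) { throw "RegNotifyChangeKeyValue failed with status $rc" }

# All the API returned is the fact of a change: no value name, no old or new data.
Write-Host "Notification received for HKCU\$subKey (no detail supplied by the API)."
$after = Get-ValueSnapshot
foreach ($name in ((@($before.Keys) + @($after.Keys)) | Sort-Object -Unique)) {
    if (-not $after.ContainsKey($name))       { Write-Host "  deleted: $name" }
    elseif (-not $before.ContainsKey($name))  { Write-Host "  added:   $name = $($after[$name])" }
    elseif ($before[$name] -ne $after[$name]) { Write-Host "  changed: $name = $($after[$name])" }
}
```

Run it in one PowerShell window, then set or remove a value under the demo key from another (for example with Set-ItemProperty) to see the notification fire and the diff report what the API itself does not.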