Splunk-Sysmon-GetProcessAssociates.ps1
- Downloads Sysmon events for a specified host and time range from Splunk. Prompts the user to select the parent process of concern. Identifies all children of the selected process. Outputs the associated Sysmon events to an object and a grid view.
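
The child-identification step described above, as an added example (not code from Splunk-Sysmon-GetProcessAssociates.ps1): it walks Sysmon Event ID 1 records from a chosen parent through every generation of descendants, which goes beyond direct children. The function name `Get-ProcessDescendant` and the sample events are assumptions constructed for illustration; the field names are Sysmon's own process-creation fields.

```powershell
# Constructed sample of Sysmon Event ID 1 (process creation) records, standing in
# for events already retrieved from Splunk. GUID values are made up.
$sampleEvents = @(
    [pscustomobject]@{ UtcTime = '2024-01-01 10:00:01'; ProcessGuid = '{GUID-WORD}'; ParentProcessGuid = '{GUID-EXPL}'; Image = 'C:\Program Files\Microsoft Office\WINWORD.EXE'; CommandLine = 'WINWORD.EXE invoice.docm' }
    [pscustomobject]@{ UtcTime = '2024-01-01 10:00:05'; ProcessGuid = '{GUID-PS}';   ParentProcessGuid = '{GUID-WORD}'; Image = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'; CommandLine = 'powershell.exe -nop -w hidden' }
    [pscustomobject]@{ UtcTime = '2024-01-01 10:00:07'; ProcessGuid = '{GUID-CMD}';  ParentProcessGuid = '{GUID-PS}';   Image = 'C:\Windows\System32\cmd.exe'; CommandLine = 'cmd.exe /c whoami' }
    [pscustomobject]@{ UtcTime = '2024-01-01 10:00:09'; ProcessGuid = '{GUID-NOTE}'; ParentProcessGuid = '{GUID-EXPL}'; Image = 'C:\Windows\System32\notepad.exe'; CommandLine = 'notepad.exe' }
)

function Get-ProcessDescendant {
    # Hypothetical helper: returns every event whose ancestry leads back to RootProcessGuid.
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [Parameter(Mandatory)] [string]   $RootProcessGuid
    )

    # Index by ParentProcessGuid. Sysmon's ProcessGuid is unique per process instance,
    # so the walk is not confused by PID reuse the way a ProcessId/ParentProcessId join is.
    $byParent = $Events | Group-Object -Property ParentProcessGuid -AsHashTable -AsString

    $seen  = [System.Collections.Generic.HashSet[string]]::new()
    $queue = [System.Collections.Generic.Queue[string]]::new()
    [void]$seen.Add($RootProcessGuid)
    $queue.Enqueue($RootProcessGuid)

    # Breadth-first walk: children first, then their children, and so on.
    while ($queue.Count -gt 0) {
        $parentGuid = $queue.Dequeue()
        foreach ($child in $byParent[$parentGuid]) {
            # Add() returns $false for a GUID already visited, which guards against loops
            # caused by duplicated or malformed events.
            if ($seen.Add($child.ProcessGuid)) {
                $child
                $queue.Enqueue($child.ProcessGuid)
            }
        }
    }
}

# Analyst selects WINWORD.EXE as the parent of concern; notepad.exe is unrelated and excluded.
$associates = Get-ProcessDescendant -Events $sampleEvents -RootProcessGuid '{GUID-WORD}' |
    Sort-Object UtcTime

# Keep the result as an object for further filtering; pipe to Out-GridView on a desktop session.
$associates | Format-Table UtcTime, Image, CommandLine -AutoSize
```

Descendants whose process-creation event falls outside the downloaded time range cannot be linked, so a wider search window may be needed when a chain appears to stop early.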