diff --git a/deployment-apps/winwatch/README b/deployment-apps/winwatch/README
new file mode 100644
index 00000000..60827857
--- /dev/null
+++ b/deployment-apps/winwatch/README
@@ -0,0 +1,49 @@
+App Name: winwatch
+Version: 1.1
+Author: Securonix Anjaneyulu Bollimuntha
+
+Installation and Configuration document:
+Support Contact:anjirhl@gmail.com
+
+Description of the App:
+The WinWatch App for Splunk provides an Executive and Operational view of key metrics and trends derived using windows security event log.
+
+Prerequisites:
+
+• Splunk Enterprise / light / cloud server.
+• Log data with source type : WinEventLog:Security
+
+Install the WinWatch App
+The WinWatch app has been provided as a “.tar.gz” file. Please follow the standard app import process in Splunk through the “Manage Apps” menu to install the WinWatch App.
+
+
+>> Click on the “Manage Apps” from Apps drop down and Choose “Install app from file” option.
+
+<< Dashboard Details >>
+
+User Logon Metrics / Trends
+
+The initial three panels provide day-day comparison of below items (last 48hrs).
+
+ No of servers people accessed.
+ No of unique accounts used.
+ Total logon count.
+ Total logon trend.
+ Interactive logon trend
+ Non-Interactive logon trend (network,batch ..etc).
+
+Management Activities
+
+The first four panels in the dashboard provides the below details.
+- Count of accounts created count (Day-Day comparison)
+- Count of accounts Removed count (Day-Day comparison)
+- Count of accounts Modified (Day-Day comparison)
+- Trend over time (Account created / removed) for the selected timeframe.
+- Activity trend of accounts being enabled and disabled.
+- Activity trend of accounts being locked and unlocked.
+- Activity trend of firewall rule changes.
+- Activity trend of domain and audit policy changes.
+
+
+
+
diff --git a/deployment-apps/winwatch/bin/README b/deployment-apps/winwatch/bin/README
new file mode 100755
index 00000000..76199287
--- /dev/null
+++ b/deployment-apps/winwatch/bin/README
@@ -0,0 +1 @@
+This is where you put any scripts you want to add to this app.
diff --git a/deployment-apps/winwatch/default/app.conf b/deployment-apps/winwatch/default/app.conf
new file mode 100644
index 00000000..dc607e07
--- /dev/null
+++ b/deployment-apps/winwatch/default/app.conf
@@ -0,0 +1,24 @@
+#
+# Splunk app configuration file
+#
+[id]
+name = winwatch
+version = 1.1.1
+
+[package]
+id = winwatch
+version = 1.1.1
+
+[install]
+is_configured = 0
+
+[ui]
+is_visible = 1
+label = WinWatch
+
+[launcher]
+author = Anjaneyulu Bollimuntha
+description = The win-watch App for Splunk provides an Executive and Operational view of key metrics and trends derived using windows security event log.
+
+version = 1.1.1
+
diff --git a/deployment-apps/winwatch/default/data/ui/nav/default.xml b/deployment-apps/winwatch/default/data/ui/nav/default.xml
new file mode 100644
index 00000000..49d4e7cd
--- /dev/null
+++ b/deployment-apps/winwatch/default/data/ui/nav/default.xml
@@ -0,0 +1,5 @@
+
diff --git a/deployment-apps/winwatch/default/data/ui/views/README b/deployment-apps/winwatch/default/data/ui/views/README
new file mode 100644
index 00000000..d518a88b
--- /dev/null
+++ b/deployment-apps/winwatch/default/data/ui/views/README
@@ -0,0 +1 @@
+Add all the views that your app needs in this directory
diff --git a/deployment-apps/winwatch/default/data/ui/views/admin_activity.xml b/deployment-apps/winwatch/default/data/ui/views/admin_activity.xml
new file mode 100644
index 00000000..2c149b7a
--- /dev/null
+++ b/deployment-apps/winwatch/default/data/ui/views/admin_activity.xml
@@ -0,0 +1,272 @@
+
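Review bot: `version = 1.1.1` in the [id], [package] and [launcher] stanzas of app.conf disagrees with `Version: 1.1` in the README added by the same commit, so the two places an operator would look for the app version already diverge at the first commit. The splunkbase.manifest in this commit also carries 1.1.1, so the README is the odd one out and should be brought to the same value. Keeping a single value avoids a false "update available" reading when the installed app is compared against its documentation.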
+ + + index="$idx$" sourcetype="$st$" |timechart span=1d count(eval(EventCode="626" OR EventCode="627" OR EventCode="628" OR EventCode="629" OR EventCode="632" OR EventCode="633" OR EventCode="636" OR EventCode="637" OR EventCode="644" OR EventCode="650" OR EventCode="651" OR EventCode="655" OR EventCode="656" OR EventCode="660" OR EventCode="661" OR EventCode="665" OR EventCode="666" OR EventCode="671" OR EventCode="685" OR EventCode="4722" OR EventCode="4723" OR EventCode="4724" OR EventCode="4725" OR EventCode="4728" OR EventCode="4729" OR EventCode="4732" OR EventCode="4733" OR EventCode="4740" OR EventCode="4746" OR EventCode="4747" OR EventCode="4751" OR EventCode="4752" OR EventCode="4756" OR EventCode="4757" OR EventCode="4761" OR EventCode="4762" OR EventCode="4767" OR EventCode="4781")) AS acc_modified,count(eval(EventCode="624" OR EventCode="645" OR EventCode="4720" OR EventCode="4741")) AS acc_created,count(eval(EventCode="630" OR EventCode="647" OR EventCode="4726" OR EventCode="4743")) AS acc_removed,count(eval(EventCode="626" OR EventCode="4722")) AS acc_enabled,count(eval(EventCode="629" OR EventCode="4725")) AS acc_disabled,count(eval(EventCode="644" OR EventCode="4740")) AS acc_locked,count(eval(EventCode="671" OR EventCode="4767")) AS acc_unlocked + $field1.earliest$ + $field1.latest$ + +
+ + + All + * + index + index + + | eventcount summarize=false index=* | dedup index | fields index + + + + + WinEventLog:Security + WinEventLog:Security + sourcetype + sourcetype + + |metadata type=sourcetypes|table sourcetype|search NOT sourcetype="WinEventLog:Security" + + + + + + -7d@h + now + + +
+ + + + Accounts Created + + |table _time acc_created |sort _time + + + + + + + + + + + + + + + + + + + + Accounts Removed + + |table _time acc_removed |sort _time + + + + + + + + + + + + + + + + + + + + Accounts Modified + + |table _time acc_modified |sort _time + + + + + + + + + + + + + + + + + + + + + + Accounts Creation / Deletion Trend + + |table _time acc_created acc_removed|timechart sum(acc_created) AS acc_created,sum(acc_removed) AS acc_removed + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Accounts Enable / Disable - Trend + + |timechart sum(acc_disabled) AS acc_disabled,sum(acc_enabled) AS acc_enabled + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Accounts Locked / Unlocked - Trend + + |timechart sum(acc_locked) AS acc_locked,sum(acc_unlocked) AS acc_unlocked + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Firewall Rule Changes + + index="$idx$" sourcetype="$st$" (EventCode="4947" OR EventCode="4946" OR EventCode="4948") |timechart count + $field1.earliest$ + $field1.latest$ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Domain / Audit Policy Changes + + index="$idx$" sourcetype="$st$" (EventCode=612 OR EventCode=4715 OR EventCode="643" OR EventCode="4739") |timechart count + -7d@h + now + + + + + + + + + + + + + + + + + + + + + + + + + + + +
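Review bot: The last panel, "Domain / Audit Policy Changes", hard-codes `-7d@h` / `now` as its time range while the base search and the "Firewall Rule Changes" panel use `$field1.earliest$` / `$field1.latest$`, so the time picker never drives that panel and a user comparing it with its neighbours sees a different window with no indication. Replacing the two literals with the same two tokens fixes it. The XML element names are stripped in this rendering, so this is based on the search text and the earliest/latest values alone. A smaller consistency point in the same search: event codes are quoted in some terms (`EventCode="4739"`) and bare in others (`EventCode=612`); both match, but one form would read better.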
diff --git a/deployment-apps/winwatch/default/data/ui/views/logons.xml b/deployment-apps/winwatch/default/data/ui/views/logons.xml new file mode 100644 index 00000000..855396b7 --- /dev/null +++ b/deployment-apps/winwatch/default/data/ui/views/logons.xml @@ -0,0 +1,262 @@ +
+ + index="$idx$" sourcetype="$st$" (EventCode=528 OR EventCode=540 OR EventCode=552 OR EventCode=4648 OR EventCode=4624 OR EventCode=4774) Logon_Type=* earliest=-48h|eval Account_Name=if(isnull(Account_Name),User,Account_Name)|eval Account_Name=mvindex(Account_Name,1)|search NOT (Account_Name="*$" OR Account_Name="ANONYMOUS LOGON" OR Account_Name="SYSTEM" OR Account_Name="LOCAL SERVICE" OR Account_Name="NETWORK SERVICE" OR Account_Name="-")|timechart span=1d dc(ComputerName) AS server_count,dc(Account_Name) AS user_count,count AS logon_count + + + index="$idx$" sourcetype="$st$" (EventCode=528 OR EventCode=540 OR EventCode=552 OR EventCode=4648 OR EventCode=4624 OR EventCode=4774) Logon_Type=*|eval Account_Name=if(isnull(Account_Name),User,Account_Name)|eval Account_Name=mvindex(Account_Name,1)|search NOT (Account_Name="*$" OR Account_Name="ANONYMOUS LOGON" OR Account_Name="SYSTEM" OR Account_Name="LOCAL SERVICE" OR Account_Name="NETWORK SERVICE" OR Account_Name="-")|eval login_method=Logon_Type|replace 0 with "System Only",2 with "Interactive Logon",3 with "Network",4 with "Batch",5 with "Service",6 with "Proxy logon",7 with "Unlock",8 with "Network Clear Text",9 with "New Credentials",10 with "Remote Interactive",11 with "Cached Interactive",12 with "CachedRemoteInteractive",13 with "CachedUnlock" in login_method|timechart span=1d count by login_method|addtotals + $field1.earliest$ + $field1.latest$ + + + index="$idx$" sourcetype="$st$" (EventCode=528 OR EventCode=540 OR EventCode=552 OR EventCode=4648 OR EventCode=4624 OR EventCode=4774) Logon_Type=*|eval Account_Name=if(isnull(Account_Name),User,Account_Name)|eval Account_Name=mvindex(Account_Name,1)|search NOT (Account_Name="*$" OR Account_Name="ANONYMOUS LOGON" OR Account_Name="SYSTEM" OR Account_Name="LOCAL SERVICE" OR Account_Name="NETWORK SERVICE" OR Account_Name="-")|stats count by Account_Name,ComputerName,Source_Network_Address|search NOT (Source_Network_Address="-") + $field1.earliest$ + 
$field1.latest$ + + +
+ + + All + * + index + index + + | eventcount summarize=false index=* | dedup index | fields index + + + + + WinEventLog:Security + WinEventLog:Security + sourcetype + sourcetype + + |metadata type=sourcetypes|table sourcetype|search NOT sourcetype="WinEventLog:Security" + + + + + + -30d@d + now + + +
+ + + + SERVER COUNT + + |table _time server_count |timechart span=1d sum(server_count) AS count + + + + + + + + + + + + + + + + + + + + USER COUNT + + |table _time user_count |timechart span=1d sum(user_count) AS count + + + + + + + + + + + + + + + + + + + + LOGON COUNT + + |table _time logon_count |timechart span=1d sum(logon_count) AS count + + + + + + + + + + + + + + + + + + + + + Logon Trend + + Overall Trend + + |fields _time Total + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Interactive Logons + + |fields _time "System Only","Interactive Logon",Unlock,"Remote Interactive","Cached Interactive","CachedRemoteInteractive" + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Non-Interactive Logon + + |fields - Total "System Only","Interactive Logon",Unlock,"Remote Interactive","Cached Interactive","CachedRemoteInteractive" + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Top 5 - Active Accounts + + |stats sum(count) AS count by Account_Name|sort - count |head 5 + + + + + + + Top 5 - Active Hosts + + |stats sum(count) AS count by ComputerName|sort - count |head 5 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Top 5 - Active Network Sources + + |stats sum(count) AS count by Source_Network_Address|sort - count |head 5 + + + + + +
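Review bot: In all three base searches, `eval Account_Name=if(isnull(Account_Name),User,Account_Name)|eval Account_Name=mvindex(Account_Name,1)` discards the value whenever the field is single-valued, because `mvindex(...,1)` returns null when there is no second value; an event that reached the `User` fallback, or a logon event carrying only one Account_Name, ends up with no account and silently drops out of `dc(Account_Name)` and the per-account stats. A form such as `eval Account_Name=if(mvcount(Account_Name)>1, mvindex(Account_Name,1), mvindex(Account_Name,0))` keeps the second value where two are present and the only value otherwise, and it should be applied to each of the three searches since the expression is repeated verbatim. In the third search, `search NOT (Source_Network_Address="-")` runs after `stats`; placing it before `stats` drops those rows before they are counted. The `search NOT (... "ANONYMOUS LOGON" ...)` exclusion hides anonymous, machine and built-in service logons from every panel, which suits a usage-metrics view but is worth stating in the README so the counts are not read as a complete logon record.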
diff --git a/deployment-apps/winwatch/metadata/default.meta b/deployment-apps/winwatch/metadata/default.meta
new file mode 100644
index 00000000..25019abc
--- /dev/null
+++ b/deployment-apps/winwatch/metadata/default.meta
@@ -0,0 +1,30 @@
+
+# Application-level permissions
+
+[]
+access = read : [ * ], write : [ admin, power ]
+
+### EVENT TYPES
+
+[eventtypes]
+export = system
+
+
+### PROPS
+
+[props]
+export = system
+
+
+### TRANSFORMS
+
+[transforms]
+export = system
+
+
+### LOOKUPS
+
+[lookups]
+export = system
+
+
diff --git a/deployment-apps/winwatch/splunkbase.manifest b/deployment-apps/winwatch/splunkbase.manifest
new file mode 100644
index 00000000..a9ebdd6c
--- /dev/null
+++ b/deployment-apps/winwatch/splunkbase.manifest
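Review bot: `access = read : [ * ], write : [ admin, power ]` on the empty `[]` stanza gives the power role write access to every knowledge object in this app, including both dashboards, which is broader than a read-only metrics app needs; unless power users are expected to edit the views, `write : [ admin ]` is the least-privilege default. The `export = system` entries for [eventtypes], [props], [transforms] and [lookups] publish those object types to every app on the instance, yet this commit ships none of them (the manifest's file list has only app.conf, the nav file, two views and READMEs), so the stanzas are inert scaffolding that will take effect the moment a props or transforms file is added. A comment such as `# export = system only matters once this app ships props/transforms/lookups` above those stanzas would make that explicit for the next maintainer.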
@@ -0,0 +1,98 @@
+{
+ "version": "1.0",
+ "date": "2022-11-14T16:44:39.683478381Z",
+ "hashAlgorithm": "SHA-256",
+ "app": {
+ "id": 3180,
+ "version": "1.1.1",
+ "files": [
+ {
+ "path": "static/appLogo_2x.png",
+ "hash": "aa240f3546bbd04536948e6f4832deea593263ad7c6f552ef5bd7e82024bdec5"
+ },
+ {
+ "path": "static/appIconAlt_2x.png",
+ "hash": "b832f7960c4708f3163aa6865c2fd62a58a3849953040b81b15fb73e83f5b2b9"
+ },
+ {
+ "path": "static/appIcon_2x.png",
+ "hash": "394b5469c877721ee8aac1c459530dda8a2a6d6164d961ad5373892456bc1bc9"
+ },
+ {
+ "path": "static/appIconAlt.png",
+ "hash": "947ffa5050835e40d7e704b12a9f0eee35afac620ffa5e7bb5e608909ae4bf70"
+ },
+ {
+ "path": "static/appIcon.png",
+ "hash": "ed6f17bf3592e0ef89b71aa58d7dcb7aece696a47a9b74fdeb5a15cecdc83dc8"
+ },
+ {
+ "path": "static/appLogo.png",
+ "hash": "1b1b0b25d20ed6e3829c2e79e0b61b825280d2c9211dccd9e2712d4b7516cab9"
+ },
+ {
+ "path": "static/application.css",
+ "hash": "3e87f005948ee9459254e03ab58a08ff68f70049a5f8bf0f8e36e4458d489343"
+ },
+ {
+ "path": "default/app.conf",
+ "hash": "278365f0e195b39e4139b476bafb61c6dcae133b2b0dd52e4702236b8f9cc2e5"
+ },
+ {
+ "path": "default/data/ui/nav/default.xml",
+ "hash": "9f72267997034d03931cbbdc2de31aa8a46080f244e8f051d587283258c3f7e7"
+ },
+ {
+ "path": "default/data/ui/views/logons.xml",
+ "hash": "a85a984232c14db6e242420f7e470c1f2b819a699182bbb93dbf0411a44f29f5"
+ },
+ {
+ "path": "default/data/ui/views/admin_activity.xml",
+ "hash": "c672bf228668357f348b93b56a2cde875cba5142688abc3057ef57bfc6308c16"
+ },
+ {
+ "path": "default/data/ui/views/README",
+ "hash": "f75000f12510d242fc99decea9e7e5a46a1a8bef910d3d6f741797816b35034d"
+ },
+ {
+ "path": "metadata/default.meta",
+ "hash": "9002ef6a926c74a75a4817e36c19f7c039b44b1cee7ecb9a39dcb59add002f41"
+ },
+ {
+ "path": "bin/README",
+ "hash": "eaaa0ae11a829d5492934487b9628ba841d2678941afc4d979dee5ff19b7adbb"
+ },
+ {
+ "path": "README",
+ "hash": "c06016197c4fe86061794310a5e979fd25f4ce53d35dccd1dc5ad552ed991a3a"
+ }
+ ]
+ },
+ "products": [
+ {
+ "platform": "splunk",
+ "product": "enterprise",
+ "versions": [
+ "7.0",
+ "7.1",
+ "7.2",
+ "7.3",
+ "8.0",
+ "8.1",
+ "8.2",
+ "9.0"
+ ],
+ "architectures": [
+ "x86_64"
+ ],
+ "operatingSystems": [
+ "windows",
+ "linux",
+ "macos",
+ "freebsd",
+ "solaris",
+ "aix"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/deployment-apps/winwatch/static/appIcon.png b/deployment-apps/winwatch/static/appIcon.png
new file mode 100644
index 00000000..6ac88daf
Binary files /dev/null and b/deployment-apps/winwatch/static/appIcon.png differ
diff --git a/deployment-apps/winwatch/static/appIconAlt.png b/deployment-apps/winwatch/static/appIconAlt.png
new file mode 100644
index 00000000..3d3ba969
Binary files /dev/null and b/deployment-apps/winwatch/static/appIconAlt.png differ
diff --git a/deployment-apps/winwatch/static/appIconAlt_2x.png b/deployment-apps/winwatch/static/appIconAlt_2x.png
new file mode 100644
index 00000000..a787903c
Binary files /dev/null and b/deployment-apps/winwatch/static/appIconAlt_2x.png differ
diff --git a/deployment-apps/winwatch/static/appIcon_2x.png b/deployment-apps/winwatch/static/appIcon_2x.png
new file mode 100644
index 00000000..a4c9656a
Binary files /dev/null and b/deployment-apps/winwatch/static/appIcon_2x.png differ
diff --git a/deployment-apps/winwatch/static/appLogo.png b/deployment-apps/winwatch/static/appLogo.png
new file mode 100644
index 00000000..86ce12eb
Binary files /dev/null and b/deployment-apps/winwatch/static/appLogo.png differ
diff --git a/deployment-apps/winwatch/static/appLogo_2x.png b/deployment-apps/winwatch/static/appLogo_2x.png
new file mode 100644
index 00000000..69aa071f
Binary files /dev/null and b/deployment-apps/winwatch/static/appLogo_2x.png differ
diff --git a/deployment-apps/winwatch/static/application.css b/deployment-apps/winwatch/static/application.css
new file mode 100644
index 00000000..14e2ff52
--- /dev/null
+++ b/deployment-apps/winwatch/static/application.css
@@ -0,0 +1 @@ +.app-bar .app-name { font-weight: bold !important; display: inline !important;}.appLogo { background: url("appLogo.png") no-repeat scroll 0 0 rgba(0, 0, 0, 0);}.app-name .app-logo { display: inline !important;} \ No newline at end of file