From 679cdddc70e916a83880d42ad0a6082a00985e6e Mon Sep 17 00:00:00 2001 From: Bob Karreman Date: Tue, 15 Oct 2024 14:10:09 +0200 Subject: [PATCH] Add installation section to Readme --- README.MD | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.MD b/README.MD index 1cc6c84..86f2bd1 100644 --- a/README.MD +++ b/README.MD @@ -5,11 +5,15 @@ Provides sourcetyping for ingestion and processing of dissect records. ## Prerequisites and dependencies When ingested Dissect output contains Evtx records they are correctly interpreted according to CIM if the Splunk Windows TA is installed. To achieve this, the XmlWinEventLog of the Windows TA is altered to perform KV_MODE field extractions. -Therefor, be carefull to use this app in a production monitoring environment. +Therefore, be carefull to use this app in a production monitoring environment. App dependencies: - Splunk Windows TA +## Installation +The latest verion can be downloaded and installed directly from [Splunkbase](https://splunkbase.splunk.com/app/7580). +Alternatively it can be downloaded from the Releases page on [Github](https://github.com/fox-it/dissect-add-on-for-splunk/releases). + ## Usage Most basic usage is to create a tcp input in Splunk and configure it with the wanted dissect sourcetype. You can now use rdump from the Dissect suite to push data to the Splunk server tcp port. See Dissect documentation on how to use rdump.
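Review bot: the `+Therefore, be carefull to use this app in a production monitoring environment.` line fixes "Therefor" but leaves the second typo in place; it should read "be careful". The new Installation section has the same problem: `+The latest verion can be downloaded ...` should be "version", and "Github" is conventionally written "GitHub". Since the section offers two download sources (Splunkbase and the GitHub Releases page), consider stating which one is the canonical release and that the two are the same build, so a reader installing into the production monitoring environment the Prerequisites section warns about knows which artifact to trust.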