https://community.splunk.com/t5/Alerting/Automating-queries-based-on-FireEye-quot-malware-object-detected/m-p/109500#M1603 <P>There is a cool app for FireEye devices <A href="https://splunkbase.splunk.com/app/1845/">https://splunkbase.splunk.com/app/1845/</A>. This might address your problem. </P> Thu, 14 May 2015 05:22:16 GMT satishsdange 2015-05-14T05:22:16Z https://community.splunk.com/t5/Alerting/Automating-queries-based-on-FireEye-quot-malware-object-detected/m-p/109499#M1602 <P>We currently have fireeye allerts coming in as log events that will be indexed. Some that are labeled as "malware-object detected" are currently manually processed by our analysts. They collect various fields (source/destnation IPs, time stamp, etc.), and build a query based on other logs (proxy, dns, exchange, etc.) as a way to build a "context" of the possible infection.<BR /> The idea is to automate this query search process every time a "malware-obeject detected" log is received and indexed.<BR /> May I get some pointers from you on how to proceed in terms of techniques and documentation?<BR /> Thank you.</P> Wed, 13 May 2015 16:27:49 GMT https://community.splunk.com/t5/Alerting/Automating-queries-based-on-FireEye-quot-malware-object-detected/m-p/109499#M1602 Thuan 2015-05-13T16:27:49Z https://community.splunk.com/t5/Alerting/Automating-queries-based-on-FireEye-quot-malware-object-detected/m-p/109500#M1603 <P>There is a cool app for FireEye devices <A href="https://splunkbase.splunk.com/app/1845/">https://splunkbase.splunk.com/app/1845/</A>. This might address your problem. </P> Thu, 14 May 2015 05:22:16 GMT https://community.splunk.com/t5/Alerting/Automating-queries-based-on-FireEye-quot-malware-object-detected/m-p/109500#M1603 satishsdange 2015-05-14T05:22:16Z