A 3rd party has installed Splunk SE and it hasn't been fully configured. I'm looking at the Basic Malware Outbreak and it references Symantec. How do I amend this to include our antivirus?
Copy the SPL from SSE into a new search in your app. Make the necessary changes. Save it as an alert.
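As an added illustration (constructed here, not the actual SSE "Basic Malware Outbreak" search or anything from the original posts), this shows the kind of change step 2 involves: the first search is tied to one vendor's sourcetype, while the second reads the CIM Malware data model, so any antivirus whose add-on maps to that model is picked up without editing the search per vendor. The sourcetype `symantec:ep:risk:file`, the 24-hour window and the threshold of 5 hosts are assumptions for the example.

```spl
| tstats summariesonly=true count dc(Malware_Attacks.dest) AS hosts
    from datamodel=Malware.Malware_Attacks
    where earliest=-24h
    by Malware_Attacks.signature Malware_Attacks.vendor_product
| rename Malware_Attacks.* AS *
| where hosts >= 5
| sort - hosts
```

Before saving it as an alert, run `| tstats count from datamodel=Malware.Malware_Attacks by Malware_Attacks.vendor_product` to confirm your antivirus add-on is actually populating the model; if it is not, the alert will stay silent regardless of the threshold.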